Privacy Notice


ALFA BETA VASSILOPOULOS SINGLE MEMBER SA  (hereinafter: “AB ”) has created this privacy notice to explain how we collect and use the personal data of our employees (associates). We recommend that you read this notice carefully, so that you understand how we use your personal data. If you have any questions after reading this notice, please contact us using the details at the bottom of this notice and we will try to answer your questions as best as we can.

Overview

This privacy notice answers the following questions:

1.     Does this privacy notice apply to you?

2.     What types of personal data do we use?

3.     For what purposes do we use your personal data?

4.     Who has access to your personal data?

5.     How long will we keep your personal data?

6.     What measures do we take to protect your personal data?

7.     Where do we store your personal data?

8.     What rights can you exercise in relation to your personal data?

9.     What if I have other questions?

10.   Data Protection Officer

 

1.     Does this privacy notice apply to you?

This privacy notice applies to you if you are an associate of AB .

2.     What types of personal data do we use?

We collect the following personal information about you:

·         Personal contact details. Such as your name, address, email address, telephone number.

·         Professional contact details. Such as your business address, professional email address and telephone number.

·         Personal details. Such as gender, marital status, date of birth, nationality and national identification number, resume, copy of your identity document.

·         Contract data. Such as the contents of the employment agreement.

·         Information regarding family members and dependents. Such as emergency contact information.

·         Payment information. Such as your bank account number and expense reimbursement requests and payments.

·         Details about your function. Such as role, department, establishment and responsibilities.

·         Information relating to compensation, pension and other benefits. Such as your salary, bonus and GRO arrangement, company car and pension plan.

·         Details regarding hours worked, vacation and (medical) leave. Such as your work schedule, eligible vacation time, vacation schedule, absence due to medical or pregnancy leave.

·         Information related to education, training and career development. Such as your educational and professional background, results of assessments any courses or trainings you may have followed or certifications you may have attained.

·         Performance and reviews. Such as the contents of your performance reviews and numbers relating to your professional performance.

We will process your sensitive personal data for reasons strictly relating to the proper performance of our duties as your employer and to the extent allowed or required by applicable law. We will process the following types of sensitive personal data:

·         Data relating to your health. To record your absence due to medical reasons, to assist in your recovery or to accommodate any disability you may have. We will not record any diagnostic information or any information from your medical file, except where strictly necessary for the aforementioned purposes. Please also consult the company doctor to find out more about how he or she uses your medical information.

·         Trade union membership. We will process information about your union membership in case you requested us to pay for your union membership fees on your behalf.

·         Criminal convictions or offences. If you commit a criminal offence in the context of your employment, we may record information about such an occurrence in order to notify the police, perform an investigation into the incident, take disciplinary measures or use the data for any resulting legal claims or litigation. For some specific functions, as part of the application procedure, we ask you for a certificate of good conduct (“Verklaring omtrent het gedrag”) or conduct a pre-employment screening.

We need to collect the personal data described above to fulfil our obligations under the (labour) contract we have with you, or because we are legally required to do so.

3.     For what purposes does Koninklijke Ahold Delhaize N.V.  use your personal data?

We will process your data for the following purposes:

      I.        Managing workforce.

·         HR administration. We maintain personnel records for all our associates.

·         Conduct HR management. We engage in day-to-day management of HR issues, such as ensuring proper staffing.

·         Salary and pension payment and providing other benefits. We process your personal data in order to pay your salary, pension payments and other (performance-related) benefits.

·         Expat services. When you are stationed outside of your home country for reasons related to your work at Koninklijke Ahold Delhaize N.V., we may provide a number of services on your behalf, such as health insurance, tax filings or housing.

·         Measuring associate engagement. We conduct periodic surveys to measure – and if possible, improve – the level of associate engagement. We have an interest in ensuring that our associates across the group appreciate and are engaged with their work environment.

·         Onboarding. We process your personal data when you first come work for us to ensure that you are properly trained and equipped for your role.

·         Performance management and learning management. In order to ensure that you continue to perform adequately, we perform performance reviews. In addition, we also try to foster growth in our associates by providing or suggesting courses.

·         Recruitment. We process your information when you apply for a role within Koninklijke Ahold Delhaize N.V. We may also go through our associate records to determine whether we have people within our organization who are suitable to fill a job opening. We engage in these activities because to manage our contractual relationship with you, or to comply with a legal obligation.

     II.        Workforce analytics.

·         HR analytics. We improve the quality of our HR strategy by analysing information about our associates For example, we can use this information to make strategic HR decisions about a AB location. We will not use this information to make decisions about individual associates.

·         Scientific research. We collaborate with scientists to analyse information about our associates according to the highest levels of rigor (i.e. thoroughness) available. In some cases, we may cooperate with universities or researchers to participate in scientific research. We have an interest in performing these types of analysis to improve the performance, retention, health and engagement of our associates, to conduct such an analysis with the highest standards available (e.g. in a scientifically sound manner) and to share any potential results with the community at large and society as a whole.

We will engage in these activities because we have a legitimate interest.

    III.        Communications, IT and facilities

·         Providing communication and information technology facilities. We provide you with IT equipment and services to perform your responsibilities for Koninklijke Ahold Delhaize N.V., e.g. a company cell phone and an email account. We need to process your personal data to make this possible.

·         Communication/IT monitoring. We will monitor communications and network use in order to secure our IT environment and network infrastructure and to ensure that our associates use those facilities in way that complies with applicable laws and internal (acceptable use) policies.

·         Creating a healthy and safe workspace. We want our associates to be healthy and safe. We may therefore process personal data of our associates to analyze how we can improve the quality of their work and reduce any potential unhealthy effects. We also employ security measures such as CCTV cameras and access security of the headquarters building, to ensure that our associates, visitors and property are safe.

We will engage in these activities because we have a legitimate interest, or to comply with a legal obligation.

   IV.        Risk and Compliance

·         To comply with the law. We may have to process your personal data to comply with the law or a judicial order.

·         Insuring risks and liabilities. We insure many risks that may occur in our business, such as against any damages relating to accidents during work or travel insurance for associates who travel on behalf of our company. We may also provide a collective health insurance plan. Depending on the type of insurance, we may have to process your personal data to e.g. process a liability claim.

·         Dispute resolution and investigation of wrongdoing. We may process personal data for the purposes of resolving disputes, complaints or legal procedures or if we have a suspicion of wrongdoing which we would like to further investigate.

We will engage in these activities because we have a legitimate interest, or to comply with a legal obligation.

4.     Who has access to your personal data?

We share your personal data with the following third parties:

-          with third parties acting on our behalf (‘processors’). In such cases, these third parties may only use your personal data for the purposes described above and only in accordance with our instructions;

-          associates in departments engaged with the above mentioned services may have access to the personal data, but only if it is strictly necessary for the performance of their task. In such a case, access will be granted only if necessary for the purposes described above and only if the associate is bound by an obligation of confidentiality;

-          insurance companies who are provide services for Koninklijke Ahold Delhaize N.V. and our associates;

-          with third parties who are responsible for the protection of your personal data, independently from Koninklijke Ahold Delhaize N.V. Examples of these types of parties are external independent auditors, accountants, lawyers or tax advisors. In such a case, your personal data will be protected in accordance with the data protection policies of that party.

-          if required to do so by law or court order, for example with law enforcement agencies or other governmental agencies.

5.     How long will we keep your personal data?

We retain your personal data for a limited amount of time and we will delete your personal data after it is no longer necessary for the purposes of the processing. The criteria used to determine our retention periods are:

·         The duration of your employment;

·         As long as we have an ongoing relationship with you or your family members and dependents;

·         As required by a legal obligation to which we are subject; and

·         As advisable in light of our legal position (such as in regard of applicable statutes of limitations, litigation, or regulatory investigations).

6.     What measures do we take to protect your personal data?

We have taken appropriate technical and organizational measures to protect your personal data against accidental or unlawful processing,by ensuring that:

·         your personal data is protected against unauthorized access or modification;

·         the confidentiality of your personal data is assured;

·         the availability of your personal data will be maintained;

·         vendors have received instructions on how to protect your personal data;

·         personnel is trained to treat your personal data in a secure way;

·         actual or suspected data breaches are reported in accordance with applicable law.

 7.     Where do we store your personal data?

Only in cases where it is strictly necessary, your personal data may be accessed by staff based in other countries. In some cases, your personal data may be accessed by our associates outside the European Economic Area, for example in the United States or Serbia. In that case, the local laws likely do not provide an equivalent level of data protection compared to the rules applicable in the European Economic Area. For that reason, AB has put in place contractual measures which safeguard the protection of your personal data, such as standard contractual clauses adopted by the European Commission.

 8.     What rights can you exercise in relation to your personal data?

You can exercise a number of rights in relation to your personal data, which are explained below. In each case, please send an email to the following address [insert email address] if you would like to exercise any of your rights. Note that in many cases, your rights are not absolute and we may not be required to comply with your request

Right of access

You are entitled to request access to the personal information we hold about you and to learn details about what data we collect and for what purpose we use it.

Right to rectification

We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.

Right to erasure

In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors. For example, we may not be able comply with your request due to certain legal or regulatory obligations.

Right to restriction of processing

In certain circumstances, you are entitled to ask us to (temporarily) stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information. 

Right to data portability

In certain circumstances, you have the right to ask that we transfer personal information that you have provided to us to a third party of your choice.

Right to object

You have the right to object to processing which is based on our legitimate interests. Unless we have a compelling legitimate ground for the processing, we will no longer process the personal data on that basis when you file an objection. Note however, that we may not be able to provide certain services or benefits if we are unable to process the necessary personal data for that purpose.

Right to withdraw consent

We may ask for your consent to process your personal data in specific cases. When we do this, you have the right to withdraw your consent at any time.

9.     What if I have other questions?

If you would like to contact AB in regard to the processing of your personal data, please send an e-mail to [gdpr@ab.gr ]. Please also use this address to exercise any of your rights described in section [8] above. Alternatively, you have the right to lodge a complaint with a data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs.

10.   Data Protection Officer

AB appointed a Data Protection Officer. You can reach the Data Protection Officer by the following email address: dpo@aholddelhaize.com

United States The Netherlands Belgium Greece Serbia Czech Republic Romania Portugal Indonesia