Privacy Policy

Your privacy is important to us. We have developed this Privacy Policy to inform you about how we collect, use and process your Personal Data. This policy also describes the measures we take to ensure the protection of your Personal Data and specifies how you can contact us so that we can answer any questions you may have about the protection of your Personal Data.

This Policy applies to the activity of AJINOMOTO EUROPE ("AE") in all regions where AE is present where European regulations on the protection of personal data apply.

This policy applies to the Processing of Personal Data collected, directly or indirectly, by AE from any individual, including but not limited to candidates for a position with AE, employees, customers, consumers, children, suppliers/providers, partners/subcontractors, (hereinafter referred to as the "Data Subject").

COMPLIANCE WITH EUROPEAN LAW ON PERSONAL DATA PROTECTION AND ANY OTHER APPLICABLE LOCAL LEGISLATION

We undertake to comply with all applicable legislation on the protection of Personal Data and will ensure that Personal Data is collected and processed in accordance with the provisions of European Data Protection Law and any other applicable local legislation, where applicable.

LEGALITY, LOYALTY AND TRANSPARENCY

Any Processing of Personal Data that we operate is carried out in a lawful manner within the meaning of the GDPR. We may be required to Process your Personal Data in order to (i) perform a contract to which you are a party; (ii) to comply with a legal obligation incumbent upon us; (iii) to safeguard your vital interests or those of a Data Subject; (iv) your prior consent to the Processing in question; (v) the legitimate interests pursued by AE, unless your interests or fundamental rights and freedoms prevail; and (vi) the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

When we Process your Personal Data, we will provide you with an information notice or a policy relating to the protection of your Personal Data, including in particular the following information: who is Responsible for the processing of your Personal Data, what are the purposes of the Processing of your Personal Data, who are the recipients of your Personal Data, what are your rights and how you can exercise them, except in the case where this would be impossible or would require disproportionate efforts.

Where required by applicable local law, we will ask for your prior consent (for example, before collecting Sensitive Personal Data).

LEGITIMACY OF THE PROCESSING, LIMITATION OF THE PURPOSE AND MINIMIZATION OF THE COLLECTION OF PERSONAL DATA

Your Personal Data is collected for specific, explicit and legitimate purposes, and cannot be further processed in a manner incompatible with these purposes.

When AE acts on its own behalf, your Personal Data is processed primarily, but not exclusively, for the following purposes: recruitment management, administrative and social management and work organization of our employees, management of intranet sites and other digital solutions or collaborative platforms, customer relationship management, bid management, sales and marketing, procurement management, internal and external communication and event management, compliance with legal obligations, data analysis activities, corporate legal management and implementation of compliance processes.

ACCURACY AND LIMITATION OF THE STORAGE PERIOD OF PERSONAL DATA

AE will keep the Personal Data it Processes accurate and, where appropriate, up to date. In addition, we will only retain Personal Data for as long as is necessary for the purposes for which it was collected, unless EU law or local legislation to which AE is subject requires its retention. AE, where appropriate, will act upon the request of its customers to assist them in complying with this obligation.

SECURITY OF PERSONAL DATA

We implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful alteration or loss or against unauthorized use, disclosure or access.

Moreover, we take all reasonable steps under the principles of privacy by design and privacy by default to put in place the necessary safeguards and secure the Processing of Personal Data.

SHARING OF PERSONAL DATA

We will not share your Personal Information with other parties unless you request or consent to such sharing in advance.

However, in the course of our day-to-day business and for processing purposes, we may share your Personal Data with, among others, employees of AE and its affiliates, our suppliers/partners or authorized service providers/contractors, for the purposes of managing the work organization of our employees and maximizing the quality and efficiency of our services and business activities.

We may also be required to disclose Personal Data to regulatory authorities, courts and government agencies when required by law, regulation or legal process, or to protect the interests, rights or property of AE or any third parties involved.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

The GDPR prohibits the transfer of Personal Data to countries outside the EU or EEA that do not provide an adequate level of protection for Personal Data. Some of the countries in which the Ajinomoto Group operates are not considered by the European Supervisory Authorities to provide an adequate level of protection for the rights of individuals with respect to the confidentiality of Personal Data.

With respect to transfers of your Personal Data to entities within and outside the Ajinomoto Group and its affiliates located in such countries, AE implements adequate safeguards to protect your Personal Data. Further information will be provided to you regarding any transfer of your Personal Data outside of the EU or EEA at the time of collection of your Personal Data through appropriate information notices or policies for the protection of Personal Data.

COOKIES

Access rights • - You may request access to your Personal Data. You may also request that inaccurate Personal Data be corrected, or that incomplete Personal Data be completed.
• - You may request any available information regarding the origin of the Personal Data and you may also request to obtain a copy of your Personal Data processed by AE
Right to be forgotten Your right to be forgotten allows your Personal Data to be deleted when :
- the Personal Data are no longer necessary for the purposes for which they were collected or processed;
- you decide to withdraw your consent;
- you object to the Processing of your Personal Data by automated processes using technical specifications;
- your Personal Data have been the subject of unlawful Processing;
- your Personal Data must be erased to comply with a legal obligation;
- their erasure is mandatory to ensure compliance with applicable law.
Right to limitation of treatment You can request to limit Processing when :
- you dispute the accuracy of your Personal Data;
- AE no longer needs your Personal Data for processing;
- you have objected to the Processing for legitimate reasons.
Right to data portability If applicable, you may request the portability of the Personal Data that you have provided to AE in a structured, commonly used, machine-readable format, and have the right to transfer such Personal Data to another Controller without AE's interference, when :
1. the Processing of your Personal Data is based on your consent or on an existing contractual relationship; and
2. Treatment is carried out using automated processes.
You also have the right to have your Personal Data transmitted directly to a third party of your choice (where technically possible).
Right to object to treatment in the context of direct prospecting You have the right to object ("right of withdrawal") to the Processing of your Personal Data (including profiling or commercial communications).
Where we Process your Personal Data on the basis of your consent, you may withdraw your consent at any time.
Right not to be subject to automated decisions You have the right not to be the subject of a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way.
Right to issue advance directives on the processing of your personal data after your death Pursuant to the French Personal Data Protection Act, you may also define guidelines on the exercise of your rights provided for in this section after your death, (in particular on their retention period, their deletion and/or their communication) as well as designate a person in charge of the exercise of these rights.
Right to lodge a complaint with the competent supervisory authority If you have a Claim against us relating to the protection of your Personal Data, you may complete and submit the Claim/Application Form or make your claim by e-mail or post in accordance with our Claim/Application Management Policy. If you are not satisfied with our response, you may exercise other remedies by contacting the Regulatory Authority or the competent court. In particular, you may contact our principal regulator, the French Control Authority (the "CNIL", www.cnil.fr).

Like many companies, some of our sites may use "cookies”. Cookies are small text files that are placed on your computer's hard drive when you visit certain websites. For example, we may use cookies to track your activity to ensure that your visit to our site is the best experience possible and to ensure that we provide you with options tailored to your preferences the next time you visit. We may also use cookies for traffic analysis and advertising purposes.

Cookies can improve your online experience by saving your preferences when you visit one of our websites. If so, we will inform you about the types of cookies we use and how you can disable them. Where required by local law, you will be able to visit our websites while refusing the use of cookies at any time on your computer.

YOUR RIGHTS

AE is committed to facilitating the exercise of your rights in accordance with applicable regulations. You will find below a table summarizing the various rights you have:

In order to exercise these rights, you may send your Request or Complaint by following the procedure indicated in the personal data protection policies made known to you at the time of collection of your Personal Data or by sending an e-mail to the following e-mail address :gdpr_contact@ehq.ajinomoto.com

CHILDREN

Children deserve enhanced protection with respect to their Personal Data because they may be less aware of the risks, consequences and their rights related to the Processing of Personal Data.

We do not collect and process Personal Data from children without the consent of the holder of parental authority if such consent is required. If you believe that we have collected a child's Personal Data in error, please inform us by contacting us at the email address indicated below.

AMENDMENT

We may update this Privacy Policy from time to time as our business or legal obligations change substantially. In the event that we make significant changes to this Policy, we will post a notice on our website at the time of implementation of such changes and, where appropriate, we will contact you directly regarding such changes.

CONTACT US

If you have any questions regarding the collection and processing of your Personal Data by AE, you may send your questions or complaints by following the procedure indicated in the information notices or personal data protection policies brought to your attention at the time of collection of your Personal Data or by sending an e-mail to the following e-mail address :gdpr_contact@ehq.ajinomoto.com

Or by postal mail to the following address:

AE
Legal Department 32 rue Guersant – 75017 Paris

AMENDMENT

We may update this Privacy Policy from time to time as our business or legal obligations change substantially. In the event that we make significant changes to this Policy, we will post a notice on our website at the time of implementation of such changes and, where appropriate, we will contact you directly regarding such changes.

Definitions

Supervisory Authority:

means an independent public authority established by a Member State as set out in the GDPR.

Request:

any request concerning the exercise of the rights of data subjects under the GDPR.

Personal data:

all personal data collected directly or indirectly from the Data Subjects. In particular, information relating to an identified or identifiable natural person by the said data is considered as Personal Data under the Personal Data Protection Regulations. An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more elements specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Sensitive Personal Data and other Special Categories of Personal Data:

any Personal Data that reveals racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, as well as the processing of genetic data, biometric data for the sole purpose of identifying a natural person, data concerning health, or data concerning the sexual life or sexual orientation of a natural person. This definition also includes Personal Data relating to criminal convictions and offences.

AE and its Affiliates:

means any entity having a shareholder relationship with AE and belonging to the Ajinomoto Group.

Third Country:

means any country, territory or area defined therein, outside the European Union (EU) and the European Economic Area (EEA).

Privacy by design:

taking into account the right to protection of personal data from the design of a product, service or application in order to implement technical and organizational measures from the earliest stages of the design of processing operations, so as to preserve privacy and data protection principles from the outset.

Privacy by default ("Privacy by default"):

means of ensuring that personal data is treated with the highest level of privacy protection so that, by default, it is used only for the purposes for which it was collected and is not made accessible to an indeterminate number of people.

Complaint:

a complaint lodged by a data subject with a Supervisory Authority when the data subject considers that his or her personal data has not been processed in accordance with the GDPR.

Controller:

any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

General Data Protection Regulation or GDPR:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Processing or Processed:

any operation or set of operations carried out with respect to Personal Data, including, without limitation, the collection, recording, organization, storage, adaptation, alteration, removal, consultation, use, disclosure by transmission, dissemination or otherwise making available, combination, linking to other Personal Data, blocking, deletion or destruction of the Customer's Personal Data.