Privacy
Privacy Statement
- Purpose of the Privacy Policy
Ornua Co-operative Limited and its subsidiaries (“Ornua”, “us” and “we”) respect your right to privacy in relation to your use of our websites, official social media pages controlled by us and any other form of electronic communication which we use to communicate with you (each a “Site”, together the “Sites”). Our websites currently include www.kerrygold.com, www.kerrygold.co.uk, www.kerrygoldusa.com, www.pilgrimschoice.com, www.palatinafoodservice.com, www.ornua.com, www.ornua.es, www.ornuafoods.co.uk, www.ornuaingredientsuk.com, www.ornuanutrition.co.uk, www.ornuanorthamerica.com, www.ornuaingredientsnorthamerica.com, and www.needfoods.co.uk. This Privacy Policy also applies to your use of our social media sites, including on Facebook, Instagram, WhatsApp, YouTube, X, Flickr and LinkedIn platforms. Please note that the social media platforms collect and process personal data about you when you visit them and Ornua has no control over this. Please inform yourself about how your personal data is processed by the social media platforms you use by reading each of their privacy policies.
For the purpose of this Privacy Policy, Ornua Co-operative Limited or Ornua Co-operative Limited’s subsidiary or affiliate Ornua group company that operates the website is the controller (either solely or jointly with another Ornua group company), as defined by applicable data protections laws.
This Privacy Policy sets out how we safeguard any information which you disclose to us or which may be collected by us via the Sites. Any Personal Data which you volunteer to Ornua will be treated in accordance with this Policy and the terms of all applicable laws that may be adopted in your country of residence from time to time.
Please read this Policy carefully to understand our practices regarding your Personal Data and how we treat it. If you do not read or if you disagree with any aspect of this Privacy Policy, you should not use the Sites. Please also review our Terms of Use which also govern your use of the Sites.
- The meaning of Personal Data
“Personal Data” is defined in the data protection laws applicable in your country. It includes any information relating to an identified or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you.
- Collection and Use of your Personal Data
When using the Sites you may have an opportunity to provide us with Personal Data which can identify you, such as your name, email address, home address, telephone number, social media account ID etc. This includes, for example, information you provide when you participate in social media functions on a Site, enter a competition, promotion or survey, when you fill in a form or report a problem with a Site.
Please do not disclose sensitive Personal Data to us via a Site, such as information relating to your racial or ethnic origin, political opinions, religious or other beliefs, physical or mental health, criminal background, etc.
Personal Data which we collect from you will only be used for the purposes for which it was provided by you.
- The categories of Personal Data we may collect, the purpose and the lawful basis
Personal Data collected from you include the following:
Categories of Personal Data | Purpose | Lawful basis |
Application data (e.g. name, CV, contact details) | Processing of this personal data is required to enable us to administer the recruiting process, including the set-up of an electronic job applicant HR file, managing your application, organizing interviews. | Processing is necessary for us to take steps to consider entering into a contract with you and, if your application is successful, to enter into a contract with you. |
Contact information in general (e.g. full name, postal address, e-mail address, employer/business and professional information, job titles, telephone and fax numbers) | Managing and responding to your queries. | Performance of contract and legitimate interests – it’s important and in our interest that we can respond to your enquiries. |
Browsing information (IP address, browser information), and information processed via cookies and analytic tools | (1) Providing and Administering our Site(2) Monitoring and producing statistical information regarding the use of our platforms, and analysing and improving their functionality
(3) Re-targeting and marketing tailored information to our users. |
Your consent or legitimate interests – we perform this monitoring to make sure our Sites work properly, to diagnose any problems with our server and administer our Sites. The purpose described on the left under (2) also constitutes our legitimate interests. |
Personal data included in business correspondence and related documents, e.g. name, e-mail address, postal address, phone number, your location, comments relating to business contacts associated with commercial transactions, query details | Communicating with our current and prospective customers, suppliers, members and business associates (in particular via e-mail), e.g. during commercial negotiations, in contemplation of or during the performance of a contract, or to address a query. | Performance of contract and our legitimate interests to conduct business with you. |
Contact Information for Marketing (full name, postal address, e-mail address, employer/business and professional information, job titles, telephone and fax numbers) | Sending you marketing information, in particular information and updates in relation to our business, products and services and allowing you participate in promotional and marketing activities and to refine our marketing strategies if you have subscribed for and consented in the receipt of such information or participation in promotional and marketing activities | Your consentLegitimate interests (see column on left).
|
Other information containing personal data | Establishing and enforcing our legal rights and obligations and monitoring to identify and record fraudulent activityComplying with instructions from law enforcement agencies, any court or otherwise as required by law
For our general record-keeping and customer relationship management Managing the proposed sale, restructuring or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation and share Personal Data Resolving any complaints from or disputes with you |
ConsentPerformance of contract
Compliance with a legal obligation Legitimate interests (see column on left) |
We do not hold more data than is necessary for the purpose for which we collect it. We do not collect or keep your Personal Data for any longer than is necessary for the purposes for which it was collected or as required by law.
5. Right of Access, Rectification and Erasure
You have various rights under data privacy laws in your country. These may include (as relevant): the right to request access to the Personal Data we hold about you; the right to rectification including to require us to correct inaccurate Personal Data; the right to request restriction of processing concerning you or to object to processing of your Personal Data, the right to request the erasure of your Personal Data where it is no longer necessary for us to retain it; the right to data portability including to obtain Personal Data in a commonly used machine readable format in certain circumstances such as where our processing of it is based on a consent; the right object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and the right to withdraw your consent at any time to any processing for which you have previously given that consent (without affecting the lawfulness of processing based on consent before its withdrawal). You can also lodge a complaint with a supervisory authority.
If at any time after giving us Personal Data you decide that you would like a copy of the Personal Data or you no longer wish us to hold or use the information, if that the information becomes out of date or inaccurate, or if you wish to exercise any of these rights mentioned above, please see “Contact Us” below.
6. Disclosure of Personal Data to Third Parties
Ornua will not disclose your Personal Data to any third party except as described in this Policy or as otherwise agreed by you.
We may disclose your Personal Data to third parties, including but not limited to as follows:
- within our group of companies for the purposes of use described in this Privacy Policy (for example to enter into a commercial transaction with you/your company);
- other joint controllers as outlined in this Privacy Notice who process your Personal Data together with us,
- to third parties who supply services to us, including social media platforms, and who help us and our group of companies to operate our business. For example, sometimes a third party may have access to your Personal Data in order to support our information technology or to handle mailings on our behalf;
- to our legal and other professional advisers;
- as necessary in order to comply with a legal requirement, for the administration of justice, to protect vital interests, to protect the security or integrity of our databases or this Site, to take precautions against legal liability;
- to regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements and government requests; and
- we may engage third parties to manage the Site and provide other services in connection with the Site, such as the collection and analysis of data. Such third parties may have access to certain Personal Data you provide as necessary for the provision of such services on our behalf; provided, however, all such third parties shall be required to protect such Personal Data in accordance with this Privacy Policy.
Due to the global nature of our business, your Personal Data may be stored and transferred to parties located in other countries, including outside the UK or the European Economic Area. In particular, we may store your Personal Data on servers in the United States of America. These other countries will either have different data protection laws than your country of residence or they will not have data protection laws. They may not be deemed as providing adequate protection for Personal Data, for example, where we rely on the EU Commission’s adequacy decisions, including the EU-US Data Privacy Framework where the recipient is in the US.
Steps will be taken to put in place safeguards (including around security) to protect your Personal Data when it is in these other countries not be deemed providing adequate protection for Personal Data. This may include the use of StandardContractual Clauses or derogations under applicable data protection law, in particular where you have given your explicit consent, it is necessary for the conclusion or performance of a contract with you or in your interests, or it is necessary to establish, exercise, or defend legal claims. . You can find out information here https://www.edpb.europa.eu/sme-data-protection-guide/international-data-transfers_en, and here https://www.dataprivacyframework.gov/Program-Overview more. If you have any questions or wish to be provided with a copy, please contact us (details below). Please note commercially sensitive information may be removed/blanked out from copies supplied to you.
7. Keeping your Information Secure
We endeavour to use appropriate technical and physical security measures to protect Personal Data which is transmitted, stored or otherwise processed by us, from any unlawful destruction, loss, alteration, unauthorised disclosure of, or access, in connection with our Sites. These measures include computer safeguards and secured files and facilities. Our service providers are also selected carefully and are required to use appropriate protective measures. In certain areas, we use industry-standard SSL-encryption to protect data transmissions. Most current browsers support the level of security needed.
In particular, we endeavour to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymisation (such as where data is separated from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) and encryption, (b) ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your Personal Data, (c) ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (d) ensuring a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational security measures.
Notwithstanding the foregoing, we cannot guarantee the security of any information you transmit to a Site and you do so at your own risk. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately of the suspected problem.
8. Collection of Non-Personal Data, Cookies Policy
We may from time to time use cookies on our Sites based on your consent or as necessary. Cookies are small text files that your web browser leaves on your hard drive to recognize you as a repeat user of our Site, track your use of our Site and target advertising. This allows for personalization of certain aspects of your visit to our Site. Information gathered from cookies in this way is only used on an aggregate basis. Unless a visitor specifically provides their identity to us, e.g., by registering at our Sites, providing information through an online form or sending us correspondence from the Sites, we will not know the identification of individual visitors. We may use cookies to store preferences; record session information; develop information about Site visitors’ preferences and interests; record past activity at a website in order to provide better service when you return to our Site; or customize web page content based on information you voluntarily provide.
You can disable cookies using your Internet browser settings. Please consult your browser’s help function for information on how to disable cookies. Note that if you disable cookies, certain features of our Sites may not function properly.
9. Social Plugins and Social Media Platforms
On some of our websites we use social plugins (also known as “buttons”) of social networks and social media platforms such as Facebook, Google+, and Twitter/X.
When you visit the Sites the buttons are not activated, and they will remain inactive unless you click on one of the buttons. After you click on a button, it will remain active until you deactivate them or you delete your cookies. If you are logged on to a social network, the network can assign your visit to the website to your user account. If you are a member of a social network, you must log out from the social network before activating the buttons on our website, if you do not want the social network to assign data obtained during your visit to our website with your social membership data.
We use the Facebook Connect plugin from facebook.com, operated by Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, US. The plug-in can be recognized by way of the Facebook logo or the supplement “Facebook Social Plug-in”. For example, if you click on the “Like” button or leave a comment, the relevant information is transmitted directly from your browser to Facebook and stored there. Furthermore, Facebook makes your likes public for your Facebook friends. If you are logged into Facebook, it can assign the invocation of our page directly to your Facebook account. Even if you are not logged in or don’t have a Facebook account, your browser sends information (e.g. which web pages you have called up, your IP address) which is then stored by Meta. For details about handling of your personal data by Meta and your related rights, please refer to Meta’s data privacy policy: http://www.facebook.com/policy.php. If you do not want Meta to map data collected about you via our Sites to your Facebook account, you must log out of Facebook before you visit our web pages.
We use social media platforms to present ourselves on social media and to stay in contact and interact with you. In addition, we analyse how our social media content is used on social media so that we can design and optimise it in line with requirements based on the insights gained. We process Personal Data based on legitimate interest corresponding to the purposes or your consent. We receive and process so-called social media data (“Social Media Data”) from various social media platforms. Depending on the platform, Social Media Data include (i) reach metrics such as impressions, page views, profile visits, unique users, and access to subpages, (ii) audience insights such as demographic information, follower growth, and trend analyses over time, (iii) engagement data such as impressions, reactions, click-through rates, likes, shares, comments, link clicks, engagement rates, saves, retweets, and replies. Social Media Data will be deleted by us no later than 12 months after its collection.
Please note that the social media platform providers are generally responsible for compliance on their platform and we are only responsible to a limited extent.
We are active on the following social media platforms:
- LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland. Information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy. Information on joint controllership and the associated agreement can be found at https://legal.linkedin.com/pages-joint-controller-addendum. We have agreed that: (1) we are joint controllers with LinkedIn for the processing of Page Insights data; (2) LinkedIn will assume primary responsibility and is principally responsible for providing you with information about the joint processing and enabling you to exercise your rights under the GDPR; (3) the Irish Data Protection Commission will be the lead supervisory authority overseeing the processing under joint controllership.
- Facebook, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Information on data protection at Facebook can be found at https://www.facebook.com/privacy/policy/. Information on joint controllership and the associated agreement can be found at https://www.facebook.com/legal/terms/page_controller_addendum. We have agreed that: (1) we are joint controllers with Meta for the processing of Page Insights data; (2) Meta will assume primary responsibility and is principally responsible for providing you with information about the joint processing and enabling you to exercise your rights under the GDPR; (3) the Irish Data Protection Commission will be the lead supervisory authority overseeing the processing under joint controllership.
- Youtube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Information on data protection at Youtube can be found at https://policies.google.com/privacy. Google is solely responsible for the processing of personal data on the YouTube platform.
- Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Information on data protection at Instagram can be found at https://privacycenter.instagram.com/policy.
- Twitter/X, X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. Information on data protection at Twitter/X can be found at https://x.com/en/privacy.
- Flickr, operated by SmugMug Inc., 67 E Evelyn Avenue, Suite 200, Mountain View, CA 94041, USA. Information on data protection at Flickr can be found at https://www.flickr.com/help/privacy.
- WhatsApp, operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Information on data protection at WhatsApp can be found at https://www.whatsapp.com/legal/privacy-policy-eea.
- TikTok, operated by Technology Limited, an Irish company, and TikTok Information Technologies UK Limited, a UK company. Information on data protection at TikTok can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/en.
- Pinterest, operated by Pinterest Europe Ltd. Information on data protection at Pinterest can be found at https://policy.pinterest.com/en/privacy-policy.
10. Google Analytics
We use Google Analytics on the basis of your consent, which is a web analysis service of Google LLC (“Google”) on our websites. Google Analytics uses cookies, i.e. text files stored on your computer to enable analysis of website usage by you. Information generated by the cookie about your use of this website is usually transmitted to a Google server in the United States and stored there. In case of activated IP anonymization on the Site, however, your IP address is previously truncated by Google within member states of the European Union or in other states which are party to the agreement on the European Economic Area. Only in exceptional cases is a full IP address transmitted to a Google server in the United States and truncated there. On behalf of us, Google will use this information to evaluate your use of the website, compile reports about website activities, and provide us with further services related to website and Internet usage. The IP address sent from your browser as part of Google Analytics is not merged with other data by Google. You can prevent storage of cookies by appropriately setting your browser software; in this case, however, please note that you might not be able to fully use all functions offered by the website. In addition, you can prevent data generated by the cookie and relating to your use of the website (including your IP address) from being collected and processed by Google, by downloading and installing a browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
We use Google Analytics on our websites with the extension “anonymizeIP”, IP addresses being truncated before further processing in order to rule out direct associations to persons.
11. Google Maps
Some Sites use Google Maps to display interactive maps based on your consent. Google Maps is a map service provided by Google. Every time you access a page on a website that uses Google Maps, a direct link is established between your browser and a Google server located in the US. The information that you have visited on this website from your IP address is transmitted by your browser directly to the Google server and stored there. Using Google Maps causes information about your use of the website, including your IP address, to be transmitted to Google in the US. If you do not wish Google to collect, process or use your Personal Data via a website as a result of you using Google Maps, you can deactivate JavaScript in your browser settings. However, if you do deactivate, you can no longer use the map display function. You can find Google’s Privacy Policies at https://policies.google.com/privacy?hl=eng
12. Microsoft Application Insights
The Sites use Microsoft Application Insights based on your consent, a web analytics service provided by Microsoft Corporation (“Microsoft”). Application Insights uses “cookies”, to help the website analyze how users use the Site. The information generated by the cookie about your use of the Site (including your IP address) will be transmitted to and stored by Microsoft on servers in the US. Microsoft will use this information for the purpose of evaluating your use of the Site, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Microsoft may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Microsoft’s behalf. Further details can be found at https://docs.microsoft.com/en-us/azure/application-insights/app-insights-usage-overview
13. Facebook Pages
We may operate one or more pages (“Pages”) on the Facebook platform. Being the operator of such a Page, we are also the data controller within the meaning of applicable data protection law. This means that we are responsible for the lawful processing of your Personal Data via the Page and must ensure that you can exercise your data subject rights against us.
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”) acts together with us as joint controller within the meaning of Art. 26 para. 1 sent. 1 GDPR. We have entered into a joint controllers agreement with Meta, which is obligatory pursuant to Art. 26 para. 1 sent. 2 GDPR (“Controller Addendum”), in particular setting forth the data protection obligations and the implementation of data subject rights. A copy of this agreement can be accessed here.
You may exercise your data subject rights (pursuant to section 5 of this Privacy Policy) against Meta as well as against us. Pursuant to the Controller Addendum, we are obliged to forward such requests to Meta immediately, and in any event within seven calendar days at the latest. Please note that, therefore, access requests and the assertion of data subject rights are best made directly to Meta. Only Meta has access to the user data concerned and can directly implement the necessary measures and provide information to you.
Data about you may be collected via the Page by means of cookies irrespective of whether you have a Facebook account or not. The use of such cookies is at Meta’s sole discretion. We do not have any influence in this respect. In general, your consent is the legal basis for the setting of cookies. The setting of cookies mainly serves the purpose of showing personalized ads to users of Facebook websites, including Pages. Advertisements from Meta’s advertising partners whose websites the user had visited before visiting Facebook are shown to the user on Facebook (including on the Page). Moreover, cookies are used to compile statistics about how a Page is used so that we and Meta can track the use of a Page.
There is no statutory or contractual obligation on us to collect your data through cookies whenever you use a Page and such data collection is not a precondition for conclusion of a contract. Therefore, there is no obligation on us, as the Page operator, to send your data to Meta. However, the non-transmission of your data (e.g. by means of blocking cookies) would mean that we either could not provide you with access to the Page at all or we could only grant you limited access.
Your data may be transmitted to Meta Platforms Inc. in the US by the cookies. Meta Platforms Inc. has an EU-US Data Privacy Framework certification, i.e. Facebook must comply with a specific data protection standard for users in Europe which the European Commission has found to be equal to the European standard. In addition, Facebook may use cookies of third-party providers. The third-party service providers’ cookie policies can be accessed on their respective websites.
For further information on the use of cookies by Facebook, please refer to Facebook’s privacy and cookie policies. You may also download your own Facebook data directly from Facebook.
14. Retention period or criteria used to determine the retention period
We keep your Personal Data for as long as it is necessary to do so to fulfil the purposes for which it was collected as described above.
The criteria we use to determine data retention periods for Personal Data includes the following: (i) Retention in case of queries. We will retain it for a reasonable period after the relationship between us has ceased (up to 12 months) in case of queries from you; (ii) Retention in case of claims. We will retain it for the period in which you might legally bring claims against us (in some countries this means we will retain it for 10 years) if and to the extent we have entered into any contract with you; (iii) Retention in case of withdrawal of consent or objection to the processing. We will usually not store your personal data for any longer, if you withdraw your consent or object to the processing of your Personal Data; (iv) Retention in accordance with legal and regulatory requirements. We will consider whether we need to retain it after the period described in (ii) because of a legal or regulatory requirement.
If your application for employment is successful and you commence employment with us, your Personal Data will be transferred to your personnel file and will be processed for employment purposes. If your application for employment is not successful, we will keep your Personal Data for a limited period (depending on the country where the hiring Ornua entity is located) following notification that your application was not successful in order to (i) defend against potential claims and/or (ii) inform you about future job opportunities (with your consent, where required, and provided you have not objected to be contacted for this purpose).
If you would like further information about our data retention practices, please contact us (see “Contact Us” below).
15. Links to Other Websites
This Site may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party websites or any association with their operators. We do not control these websites and are not responsible for their data or privacy practices. We urge you to review any privacy policy posted on any third party site you visit before using the site or providing any Personal Data.
16. Amendments to this Policy
Ornua reserves the right in its sole discretion to amend this Privacy Policy at any time, and you should regularly check this Policy for any amendments we make. If the change is fundamental or may significantly affect you, we will provide you with the updated Privacy Policy in advance of the change actually taking effect. We encourage you to review the content of this Privacy Policy regularly.
17. Contact us
If you wish to contact us to discuss any matter in relation to this Privacy Policy or our processing of your information, please feel free to contact us at Ornua Co-operative Limited, Grattan House, Lower Mount Street, Dublin 2, Ireland or by phone on 00 353 1 661 9599 or e-mail dataprotection@ornua.com.