Privacy Policy

CPM EUROPE B.V. Privacy Policy.

1. Introduction

At CPM Europe B.V., we take your privacy seriously. We are committed to the protection of personal data in line with the data protection principles set out in the European General Data Protection Regulation ("GDPR").

This Notice describes the steps CPM Europe B.V. ("CPM Europe", "we" or "us") take to protect the personal data that we process about our EU customers and other EU business partners.

"CPM Group" is the group of companies (including CPM Europe B.V.) directly, or indirectly, held and/or controlled by CPM Holdings, Inc., a company with its principal place of business at 2975 Airline Circle, Waterloo, IA 50703 USA.

"European Economic Area" or "EEA" means the Member States of the European Union, plus Norway, Iceland and Lichtenstein.

2. Who is responsible for processing your data and how to contact us

CPM Europe B.V., with its registered address business at Rijder 2, 1507 DN Zaandam, the Netherlands, registered in the trade register under number 33106197, is responsible for processing your personal data and is the data controller. CPM Europe can be contacted at the following email address: GDPR.emea@cpm.net.

3. What personal data do we collect and why?

We may source, use and otherwise process your personal data in different ways. In all cases we are committed to protecting the personal data of our customers and business contacts.

A - Sources of personal data

We may obtain your personal data from the following sources:

1. from you directly, for example when you visit our website, hand over your business card or otherwise provide us with your personal data or contact information;
2. from your device or browser when you visit our website; and/or
3. if you contact us, we may keep a record of that correspondence.

B - Personal data that we collect and process

We may obtain your personal data from the following sources:

1. name;
2. position;
3. email address;
4. company;
5. address;
6. phone number;
7. cookie data (for more information please see our website: www.cpmeurope.nl); and
8. IP address;

C - Why do we collect your personal data and what is our lawful basis for it?

We collect your personal data for the purpose establishing and managing our business relationship with you or your organization, for promoting our goods, processing orders, understanding the market in which CPM Europe operates, management reporting (including at an intra-group level), website management, and managing security, risk and crime prevention.

We may obtain your personal data from the following sources:

1. your consent;
2. processing is necessary for the performance of a contract to which you are a party;
3. processing is necessary for compliance with a legal obligation;
4. processing is necessary for the purposes of the legitimate interests pursued by CPM Europe.

Where we use cookies or similar technologies to fulfil this purpose we will seek your prior consent where required doing so by law.

Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

4. Who do we share your personal data with?

We share personal data relating to our customers and business contacts with trusted business partners. The purposes for these transfers are set out below. We do not sell your personal data to third parties.

We may share your personal data with other entities in the CPM Group.

We may disclose information about you to organizations that provide services to us, on the understanding that they will keep the information confidential and will comply with the GDPR and other relevant data protection laws.

We may share your information with the following types of service providers:

1. technical support providers who assist with our website and IT infrastructure;
2. third party software providers, including 'software as a service' solution providers, where the provider hosts the relevant personal data on our behalf;
3. subcontractors or suppliers that need your information for processing orders;
4. professional advisers such as lawyers, accountants, tax advisors, auditors and insurance brokers;
5. our advertising and promotional agencies and consultants and those organizations selected by us to carry out marketing campaigns on our behalf; and/or;
6. providers that help us store, collate and organize information effectively and securely, both electronically and in hard copy format, and for marketing purposes.

5. Transfers of personal data outside the European Union (EU) / European Economic Area (EEA)

If and when transferring your personal data outside the EU/EEA, we will do so using one of the following safeguards:

1. the transfer is to a non-EU/EEA country which has an adequacy decision by the EU Commission;
2. the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EU/EEA;
3. the transfer is to an organization which has Binding Corporate Rules approved by an EU data protection authority; or
4. the transfer is to an organization in the US that is EU-US Privacy Shield certified.

International transfers within the CPM Group are governed by EU Commission-approved Standard Contractual Clauses for Controllers (as defined under the GDPR) and, where relevant, for Processors (as defined under the GDPR).

You may request a copy of these agreements by contacting us at GDPR.emea@cpm.net.

6. Your rights

The GDPR provides you with certain rights in relation to the processing of your personal data, including to:

• Request access to personal data about you (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
• Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request personal data provided by you to be transferred in machine-readable format ("data portability"), to the extent applicable in the business relationship context. This enables you to ask us to provide you, in a machine-readable format, personal data that you have provided to us for transfer to another data controller.
• Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).
• Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of Company, as explained above, or where decisions about you are based solely on automated processing, including profiling.
• Withdraw your consent. You may withdraw your consent in those circumstances where we may rely on your consent to process your personal data.

These rights are not absolute and are subject to various conditions under the laws and regulations to which we are subject.

If you have any general queries or decide at any time that you would like to exercise any of your rights as set out above, please contact GDPR.emea@cpm.net.

7. Retention period

We will keep and process your personal data only for as long as is necessary for the purposes for which it was collected in connection with your relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defense of legal claims.

8. Changes

We may make changes to this Notice from time to time to reflect changes in the law or in our practices. Such changes will be applicable as of the effective date set out in this Notice.

Version, May 2020