Privacy Policy

This Privacy Notice explains how ARYZTA Ireland Limited (“ARYZTA”), a company incorporated in Ireland uses and processes any personal data that we collect from you, or you provide to ARYZTA, when you use this website ( ARYZTA Ireland Limited is a member of the ARYZTA group.

ARYZTA is committed to ensuring that your privacy is protected when using this website. Any personal data you provide when using this website, will only be used in accordance with our Privacy Policy and the EU General Data Protection Regulation [REGULATION (EU) 2016/679] “GDPR”. Please read this policy to understand our practices regarding your personal data, how we will treat it and your data protection rights. The website is not intended for children and we do not knowingly collect personal data relating to children.

ARYZTA may amend its Privacy Policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes made by ARYZTA. This policy is effective from 30/04/2019.

1. Who controls your personal data?

ARYZTA is the controller and is responsible for the personal data we obtain from your use of the Website. ARYZTA is made up of different legal entities. If you use contact forms on our website, such as our “Quick Contact” website feature, to contact us we may send your query to the ARYZTA entity in your selected location and both ARYZTA and the ARYZTA entity in your location will be controllers of your personal data which is required to respond to your query. We have arrangements in place intended to ensure your personal data is only used by local ARYZTA entities in accordance with this Privacy Notice.

2. The personal data we collect about you

We may collect the following information:

  • Your contact information such as email address.
  • Demographic information such as preferences and interests.
  • Other information relevant to customer surveys and/or offers.
  • Details of any transactions or usage you carry out through our website and the fulfillment of your orders.
  • Identity and contact data such as your name & email address if you provide it by filling in forms on our website.
  • Profile data such as resumes/CVs and cover letters.
  • Technical data.
  • Usage data including information about how you use our website

Where we need to collect personal data to meet a legal or contractual requirement, and you do not provide that personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may not be able to provide all or part of the relevant service. For example, if you are requesting a catalogue on the Website and you do not provide personal data necessary to send it you (e.g. your email address) you may be unable to use that feature.

3. How we collect your personal data:

  • Direct Interactions: You may provide us with your identity and contact data when contacting us through our web forms. You may also provide us with your personal data when corresponding with us by post, phone, email or otherwise.
  • Automated technologies or interactions: As you interact with the Website, we collect technical data and usage data. We will inform you at the time of collecting personal data from you whether you must provide the personal data to use the Website or whether the provision of personal data requested by us is optional. We will inform you at the time of collection whether your personal data will be accessible to third parties, so that you can decide whether to provide it. It is not necessary to register a user account in order to search and view the Website. However, we will receive certain usage Data [Technical Data and Usage Data] when you browse the Website. This is further explained below.

4. How do we use your personal data?

We will only use your personal data lawfully. We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Please Contact Us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/activity Type of Data Lawful basis for processing your personal data
To respond to any queries you submit through the Website Identity and Contact Data (a) Performance of a contract with you.

(b) Necessary for our legitimate interests (for running our business and to develop new business).

To manage and respond to your job applications and preferences Identity, Contact and Profile Data (a) Performance of a contract with you.

(b) Necessary to comply with a legal obligation.

(c) Necessary for our legitimate interests (for running our business and staff recruitment).

To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity, Contact, Profile and Technical Data (a) Necessary to comply with a legal obligation.

(b) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).

To manage our relationship with you which will include notifying you about changes to our terms or privacy notice. Identity, Contact and Profile Data (a) Performance of a contract with you.

(b) Necessary to comply with a legal obligation.

(c) Necessary for our legitimate interests (to keep our records updated and to study how persons use our services).

To use data analytics to improve our Website, services, customer relationships and experiences. Technical and Usage Data Necessary for our legitimate interests (to define types of customers for our services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy).
To do business with you, e.g.:

(a) Send to you goods purchased via the website, and supply to you services purchased via the website.

(b) Send statements and invoices to you, and collect payments from you where applicable;

(c) To send you non-marketing commercial communications.

Identify and contact data (a) Performance of a contract with you.

(b) Necessary to comply with a legal obligation.

(c) Necessary for our legitimate interests (to keep our records updated and to study how persons use our services).

To send you information about special offers and other marketing material Identity and contact data Your consent. Note that you can withdraw consent to receive marketing communications at any time.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Disclosure of your personal data

Except as set out in this Privacy Notice, we do not disclose personal data that we collect about you, or which you provide to us, to any third party. However, for the purposes set out in the table in Paragraph 4 above, we may be required to share your personal data with the parties set out below:

  • Internal third parties: Companies (i.e. a parent company, a subsidiary company and/or a parent of another subsidiary company) for:
    1. The provision of and administration of the Website.
    2. Ensuring your queries are directed to the correct ARYZTA entity.
    3. Ensuring your career opportunity queries are shared with relevant recruitment persons within ARYZTA’s group.
  • External third parties: Companies that provide products and services to us such as professional advisors, IT systems suppliers and support, HR management systems, data storage solutions, IT developers, insurance providers, analytics companies, website hosting providers and other service providers.
  • Public and Government Authorities: Entities that regulate or have jurisdiction over us. We will be required to disclose your personal data in order to comply with any legal obligation if we are ordered to do so by a court of competent jurisdiction, law enforcement body, regulatory authority or administrative authority, or in order to enforce or apply our terms of use and other agreements, or to protect the rights, property, or safety of ARYZTA, our customers, Website users or others.
  • Prospective Buyers/Sellers: Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice. We require all third parties to whom we disclose personal data collected via our Website to respect the security of personal data and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Unless prevented by applicable law, we will notify you when your personal data may be provided to third parties in ways other than explained above, and you may have the option to prevent such sharing at the time that we notify you.

6. Sharing your personal data in other countries

Your personal data may be transferred, stored and accessed within the European Economic Area (“EEA”) or transferred to, stored in, and accessed from countries outside the EEA in order to fulfil the purposes described in this Privacy Notice. For transfers to countries outside the EEA, the data protection regime may be different than in the country in which you are located and will therefore be based on a legally adequate transfer method. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is given to it by ensuring at least one of the following safeguards is implemented:

  • Where the country has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  • We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • Where service providers are based in the US, we may transfer data to them if they are part of the EU-U.S. Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield. We will provide you on request a list of the countries located outside the EEA to which personal data may be transferred, and an indication of whether they have been determined by the European Commission to grant adequate protection to personal data. Where applicable, you are entitled, upon request to receive a copy of the relevant safeguard (for example, EC model contractual clauses) that have been taken to protect personal data during such transfer.

7. How your personal data is secured

ARYZTA is committed to maintaining the security of all personal data which is processed pursuant to this Privacy Notice. We maintain appropriate physical, procedural, organisational and technical security measures intended to prevent loss, misuse, unauthorised access, disclosure, or modification of personal data under our control. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. How long do we keep your personal data?

We keep your personal data for no longer than is necessary for the purpose for which it was processed and no longer than is allowed under applicable data protection law. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means in addition to the applicable legal requirements. We also retain personal data if required by applicable law or if justified to do so under applicable statutory limitation periods.

9. Third party websites

This Privacy Notice does not address, and we are not responsible for the terms of use, privacy, content or other practices of third-party websites, including those to which a link is provided on our Website. The inclusion of such a link on our Website does not imply any endorsement of the linked website by ARYZTA.

10. Your legal rights

You have rights with regard to our use of your personal data, including the right to:

  • Request access to your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing of your personal data.
  • Request the transfer of your personal data to you or to a third party.
  • Withdraw consent at any time. If and to the extent we are relying on consent as the legal basis to process your personal data, you are entitled to withdraw your consent to such processing at any time. This will not affect the lawfulness of any processing of your personal data carried out before your consent is withdrawn. If you choose to withdraw your consent, we may not be able to provide certain services to you. We will let you know if this is the case at the time you withdraw your consent.
  • Contacting the data protection supervisory authority: You have the right to complain at any time to the applicable data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns first, so please contact us if you have an issue using the information listed in the “Contact Us” section below.

To exercise one or more of your rights in respect of your personal data, please contact us using the Contact Us details below. We will respond to your request(s) as soon as reasonably practicable, but in any case within the legally required period of time. Fulfil a request will be subject to the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).

11. Updating your personal data

It is important that the personal data we hold about you is accurate and current. Please keep us informed, using the Contact Us details below, if any of your personal data changes during your relationship with us.

12. Changes to this Notice

We will change this Privacy Notice from time to time and any changes will be posted to the Website. This version of the Privacy Notice was last updated on the 30th of April 2019 and historic versions can be obtained by contacting us using the Contact Us details below.

13. Contact Us

If you have any questions about this Privacy Notice, including any requests to exercise your legal rights you can contact us in writing using any of the following methods outlined below:

  • Via the Contact Us function of our website.
  • Through email
  • By post to ARYZTA Ireland Limited, Grange Castle Business Park, Clondalkin, Dublin 22.