Privacy NoticeEffective: February 15, 2019
amfori is the leading global business association for open and sustainable trade, we bring together over retailers, importers, brands and associations from more than 40 countries. Our membership contains organisations of all sizes and all sectors.
amfori takes your privacy seriously and we are committed to protecting and safeguarding your data privacy rights.
This Privacy Notice describes how amfori collects, uses and discloses personal data and your rights regarding your personal data.
Table of Contents:
- Applicability of this Privacy Notice
- Information we collect and receive
- Data retention
- How we share and disclose information
- Age limitations
- International Data Transfers
- Data Protection Officer
- Your rights
- Data Protection Authority
- Changes to this Privacy Notice
Applicability of this Privacy Notice
This Privacy Notice applies to:
amfori's online tools and platforms, including mobile and desktop applications (collectively, the "Platform");
amfori.org and other amfori websites (collectively, the "Websites");
all other interactions (e.g. members service inquiries, governance bodies, project groups, user conferences, etc.) you may have with amfori.
In addition, a separate agreement governs delivery, access and use of the Platform (the "[Customer] Agreement"), including the processing of any messages, files or other content submitted through Platform accounts (collectively, "Customer Data").
This Privacy Notice does not apply to any third-party applications or software that integrate with the Platforms ("Third Party Services"), or any other third-party products, services or businesses.
Information we collect and receive
We collect the minimum amount of information to enable us to deal with your request or to provide a service to you. We will indicate where the provision of information is voluntary or compulsory. We would normally only request additional information to enable us to provide the most appropriate response to your request.
When you are an employee of an amfori Member:
- amfori collects basic contact information and information about your role within the member organization: name, e-mail address, telephone number, job title. this information is provided by your employer. Supplementary, when you apply for a board position, we hold your CV, employment details and motivation, all supplied by you.
- We use this information as part of the Membership contract, for billing, account management and other administrative matters, and to give you access to a Platform, and to provide you with the information linked to our Services. This may include newsletters, invitations to events and trainings or other interactions. You can unsubscribe from all non-operational communication (e;g. newsletters).
When you are an employee of a potential Member:
amfori collects basic contact information; name, e-mail address, telephone number, position. This information is provided by you, a third party, or found in publicly available resources, for instance social media.
We use this information to invite you to events and to provide you with information about amfori membership.
We process this information because it is in our legitimate interest and in that of our Members to expand the amfori network, and because we believe that our membership will benefit you. If you express your wish not to be contacted anymore, we will respect this.
When you are an employee of an Audit firm:
amfori keeps basic contact information and information related to your expertise: name, e-mail address, audit certification, date of birth, photo, cv. This information is provided by you or your employer.
We use this information to display your profile to our Members, so they can order an audit and to Producers, so they can establish your identity when you perform an on-site audit.
amfori also captures information of the audits you have submitted to the Platform. This information may include location data and other data you have entered in the audit report.
As part of amfori’s ongoing quality program, amfori uses techniques such as automated decision-making and profiling to check the quality of the audits. However, no decisions will be made solely on these outcomes.
We process this information as part of the contract between amfori and the Audit firm.
When you are an employee of a Producer:
- amfori collects basic contact information and information about your role within the member organization: name, e-mail address, job title. This information is provided by you, your employer or an amfori Member. Supplementary we can hold extra information collected when an audit of your company is performed: interview report, date of birth (to gather evidence of potential child labour), and if you are a union representative.
- We process your contact information as part of the Membership contract. Other information is collected as part of the contract between your company and the Audit firm.
When you are an employee of a Training partner:
amfori collects basic contact information: name, e-mail address, job title. This information is provided by your employer.
We process this information as part of a contract and use it to give you access to the training Platform.
When you are a visitor of a conference, training, event:
amfori collects basis contact information: name, e-mail address, job title, employer and if you subscribed to a paying event, payment details. This information is provided by you when at subscription.
We process this information for our legitimate interest to organise the event or webinar in a professional and secure way.
We may use this information to send you additional information about the topics you are interested in. This may include newsletters, invitations to other events or trainings and other interactions. You can always unsubscribe.
When you are a journalist or media contact person:
amfori collects basic contact information: name, e-mail address, telephone number. This information is provided by you or from a third party.
We use this information to send you press releases and provide you with information we believe may be of interest to you. If you express your wish not to be contacted anymore about a certain topic, we will respect this.
When you are an employee of a supplier:
amfori collects basic contact information: name, e-mail address, telephone number, position. This information is provided by your employer.
We use this information to ensure a smooth interaction in our business relationship.
When you are a user of an amfori Platform:
When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way you use the Platform.
We use this information in our legitimate interest to provide optimal services and to improve the Platform, prevent or address service errors, security or technical issues, analyse and monitor usage, trends and other activities. For example, we may make Services suggestions based on historical use and predictive models, or identify organizational trends create new productivity features and products.
We also use this information to send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them.
We may use this information to send you additional information about the topics you are interested in. This may include newsletters, invitations to other events or trainings and other interactions. You can always unsubscribe from these communications.
When you are a visitor of the amfori Website:
amfori collects usage information including the IP-address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins and language preferences. amfori also collects device information and location information when you are accessing the Website in accordance with the consent process provided by your device.
We use this information in our legitimate interest to make the site available to you in an efficient and effective way, to provide the services you request and to understand how you use our services and our web site and to help us to derive knowledge that helps us to develop new services. When we process your personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
When you interact with amfori through a Website, a Platform report, e-mail, telephone or postal mail:
- amfori will collect contact data and other data provided by you to process your request, comment or question and to provide you with a response.
When you are a candidate for a position with amfori:
amfori collects all data necessary to process your application. This may include name, contact details, job title, CV, information about skills, education and experience.
We use this information to assess your application and process this information prior to entering into a contract.
When we receive information about you through our grievance process:
We may process personal data provided through our grievance process to investigate and help prevent security issues and abuse.
In accordance with article 14.5 b) of the GDPR, amfori will not inform you (the data subject) of the collection and processing of your personal data as this would seriously impair achieving the objective of our investigation. amfori will take appropriate measures to protect your rights and freedoms and legitimate interests. This includes extra security measures and limiting the number of people with access to this information.
After the investigation has been completed, you will be informed. However, the source of the information will not be communicated.
To guarantee an objective approach, the investigation will be done by an external partner. This partner will receive all personal data needed to assess the case.
amfori will retain Personal Data for the duration needed for amfori to pursue legitimate business interests, conduct internal audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Personal Data directly linked to any of our monitoring or capacity building activities is retained for 10 years. Usage data is retained for 6 months.
How we share and disclose information
This section describes how amfori may share and disclose your personal information. Customers determine their own policies and practices for the sharing and disclosure of Information within the boundaries of the Customer Agreement and the Terms & Conditions.
- Displaying the Services. When an Authorized User submits information, it may be displayed to other Authorized Users in the same or connected Workspaces. For example, an Authorized User, may get access to the details of a monitoring report, when the subject of the report is part of its supply chain.
- Collaborating with Others. The Services provide different ways for Authorized Users working in independent Workspaces to collaborate. Other Information, such as an Authorized User's profile information, may be shared, subject to the policies and practices of amfori.
- Customer Access. Administrators, Customer Administrators and Authorized Users may be able to access, modify or restrict access to information.
- Third Party Service Providers and Partners. amfori may engage third party companies or individuals as service providers or business partners to process data and support our business. These third parties may, for example, provide virtual computing and storage services.
- Third Party Services. Customer can enable Third Party Services. When enabled, amfori may share Other Information and Customer Data with Third Party Services. amfori will put necessary legal protection in place to restrict the usage to the organisation’s principles. Third Party Services are not owned or controlled by amfori. Third parties that have been granted access to our information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third-Party Services or contact the provider for any questions.
- Corporate Affiliates. amfori may share Personal Information with its corporate affiliates and/or subsidiaries.
- During a Change to amfori's Business. If amfori engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of amfori's assets, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Information may be shared or transferred, subject to standard confidentiality arrangements.
- Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes.
- To Comply with Laws. If we receive a request for information, we may disclose Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of amfori or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With Consent. amfori may share Personal Information with third parties when we have consent to do so.
amfori takes security of data very seriously. To this end we have put in place appropriate measures that are designed to prevent unauthorised access to and misuse of your personal data. If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately by emailing firstname.lastname@example.org.
Your information is held on servers hosted by us or our Internet Services Provider. Given the nature of communications and information processing technology, amfori cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.
To the extent prohibited by applicable law, amfori does not allow use of our Platform and non-public Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with Personal Data, please contact us by emailing email@example.com and we will take steps to delete such information.
International Data Transfers
The international nature of amfori implies that data might be transferred to countries other than the one in which you live.
All data is stored on servers in Europe and the USA. For the data hosted in the USA, we work together with a partner that complies with the EU-US Privacy Shield.
We may send your information between amfori entities, amfori network representatives, Customers, Auditors, Producers or other partners which may exist outside of the EEA in countries that may not provide a level of protection of personal information that may be regarded as equivalent to that afforded under the European data protection legislation. Whenever your personal information is transferred internationally, we will take appropriate steps to ensure its security and confidentiality in accordance with applicable data protection law. Any collection, storage and use of your personal data by amfori (or on our behalf) will continue to be governed by this privacy notice.
Data Protection Officer
amfori is not obliged by law to have a Data Protection Officer. amfori takes your privacy very seriously and has assigned a staff member to deal with data protection issues. You can communicate with this staff member by email: firstname.lastname@example.org.
Individuals have certain statutory rights in relation to their personal data.
You have the right to request that we:
provide access to any personal information we hold about you;
update any of your personal information which is out of date or incorrect;
delete any personal information which we are holding about you;
restrict the way that we process your personal information;
prevent the processing of your personal information for direct-marketing purposes;
provide your personal information to a third party provider of services;
provide you with a copy of any personal information which we hold about you; or
consider any valid objections which you have to our use of your personal information.
We will consider all such requests and provide our response within a reasonable period (and in any event within any time period required by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances.
You can usually exercise your rights using the settings and tools provided in your Platform account. In case this practice is not sufficient, please email email@example.com.
If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
Data Protection Authority
Subject to applicable law, you also have the right lodge a complaint with your local data protection authority or the Belgian Data Protection Authority, which is amfori's lead supervisory authority in the European Union. If you believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority:
Data Protection Authority
Changes to this Privacy Notice
amfori may change this Privacy Notice from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes on this page and encourage you to review our Privacy Notice to stay informed. If we make changes that materially alter your privacy rights, amfori will provide additional notice, such as via email or through the Platform.
Changes and additions to this Privacy Notice are effective from the date on which they are posted.
If you disagree with the changes to this Privacy Notice, you should neither interact with amfori or use the Website. If applicable, deactivate your Platform account.