Meal Plan is offered to you by Sodexo B.V. (Sodexo, we, us). With Meal Plan you can purchase food and beverages in our restaurants. In order to offer our services, we will process certain types of personal data from you. Sodexo respects your privacy and the personal data we process is treated with the greatest possible care and scrutiny. In this Privacy Statement we will inform you about the way we process your personal data.
1. To whom does this Privacy Statement apply?
This Privacy Statement is applicable to you when you use our services, when you visit our website (https://mealplan.bysodexo.nl) and/or when you contact us in relation to our Meal Plan services.
2. Who is the data controller?
Our contact information is:
Rivium Boulevard 2
2909 LK Capelle aan den IJssel
3. What types of personal data do we process?
Personal data means any information relating to an identified or identifiable natural person, the data subject. We may process the following types of personal data from you:
Personal data you provide us with when you purchase Meal Plan: first name, last name, email address, order details and history, amounts paid/due. Personal data we process when you use our website such as IP number or MAC address, unique token of your browser session, browser name and version and how you use our website (browsing details). Personal data you provide us with when you contact us such as name, email address and details of your request and/or complaint and other information you provide us with in the course of our relation.
4. For what purposes do we process your personal data?
Sodexo may collect your personal data in relation to the Meal Plan services, offering our website and to communicate with you. More in particular, we may process your personal data for the following purposes:
Processing and managing your orders and/or purchases. Providing you with the requested services, facilitating your personal Meal Plan. Performing arrangements that we have with you. Giving insight in your purchases and providing access to your personal account. Maintaining the administration of all our Meal Plan holders, including which Meal Plan(s) you purchased (for a semester or a full academic year and Small, Medium or Large) and your customer preferences. Processing of orders and credit that is put on a Meal Plan card. Improving our services. We may (in the future) communicate with you about our brands, products or other promotional purposes including co-branded offers. We will ask your consent to receive such communications where and to the extent required. Handling inquiries, requests, complaints and disputes, customer care. Controlling access to data and information, information security. Compliance with applicable laws and regulations.
We will not further process your personal data for purposes that are incompatible with the aforementioned purposes.
5. What are the applicable legal grounds for the processing of your personal data?
We may only process your personal data when there is a legal ground available as prescribed by the applicable data protection laws and regulations. The following grounds may apply to the processing of your personal data.
Conclusion and performance of an agreement. The legal ground for the processing of your personal data is the performance of the agreement concluded when purchasing a Meal Plan. Legitimate interest. In some cases, we have a legitimate interest for the processing of your personal data whereby we do not disproportionality infringe on your privacy. We have a legitimate interest to protect our businesses and secure our systems. Furthermore, we have a legitimate interest in keeping you informed of relevant developments regarding Meal Plan and send you marketing communications. Consent. We may (in the future) send you direct marketing communications that originate from us and/or our partners. If we are obliged to do so, we will ask for your prior consent for our marketing communications. You may at any time revoke your consent. Legal obligation. We may process personal data to meet with our statutory obligations.
6. How long do we retain your personal data?
We will not retain your personal data longer than necessary for the purposes for which we have obtained your personal data. In principle we may retain your personal data up to a maximum of one (1) year upon the end of our customer relationship, unless we are required to retain your personal data to comply with a statutory obligation, such as tax obligations. In addition, we may retain personal data that are necessary for the purposes of legal proceedings, complaints and disputes for as long as this is necessary in order to protect our interests.
7. Who has access to your personal data?
Persons working at or on behalf of Sodexo and who are involved in Meal Plan may have access to your personal data on a need-to-know basis.
Next to these persons, Sodexo may involve third party service providers who will act as a data processor on our behalf. These are, for example, cloud service providers and suppliers of the online Meal Plan order portal. Sodexo will enter into a data processing agreement with such data processor, which includes arrangements on data security to protect your personal data against data breaches.
We may provide your personal data to competent authorities upon their request to the extent legally required or to the extent necessary to defend our rights in legal proceedings or investigations.
8. Will Sodexo transfer your personal data outside the EEA?
Your personal data is processed within the European Economic Area (EEA). We will not provide your personal data to organizations or institutions located outside the EEA.
9. How does Sodexo protect your personal data?
We process your personal data with the greatest possible care and scrutiny. This means we will adopt appropriate technical and organisational measures to ensure that all the information is correct, current and complete and to prevent it from being accessed by unauthorised persons inside and outside our organisation. We protect our systems and applications according to the applicable standards for information security.
10. What are your rights and how can you exercise your rights?
You may at any time, with reasonable intervals, exercise your right of access to your personal data. In addition, you may request us to rectify or erase any inaccurate information or have us restrict the processing of your personal data. Also, you have the right to request for data portability. If your personal data is being processed based on your consent, you may withdraw your consent at any time. In order to exercise your rights as mentioned above please contact us using the contact information set out in this Privacy Statement. We may ask you to provide proof of your identity when exercising your rights.
If you have complaints about how we handle your personal data, you can contact us using the contact details set out in this Privacy Statement. We are happy to help you find a solution. In the event we are not able to find an adequate solution to deal with your complaints, you can always lodge a complaint to the Dutch supervisory authority (‘Autoriteit Persoonsgegevens’); more information on how to lodge a complaint can be found on this page (Dutch only).
This Privacy Statement may change at any time. If this would be the case, we will inform you thereof. You will always find our up-to-date Privacy Statement on https://mealplan.bysodexo.nl
Last update: 14 September 2018