EU-US and Swiss-US Privacy Shield
In the regular course of business, ALDI Inc. (“ALDI”) interacts and communicates directly with consumers, business partners, regulatory authorities, and others. Through these interactions and communications, Personal Data may be provided to ALDI and processed electronically and/or manually. ALDI respects individual privacy and values the confidence of such individuals. This Privacy Statement sets forth ALDI’s privacy principles with respect to Personal Data, including the implementation of privacy procedures and technical security measures to keep Personal Data private and secure, which ALDI follows in its normal course of business.
ALDI participates in both the EU – U.S. Privacy Shield Framework and Swiss – U.S. Privacy Shield Framework. ALDI acknowledges its commitment to comply with the EU – U.S. and Swiss – U.S. Privacy Shield Principles (“Principles”) for all Personal Data received from the EU or Switzerland in reliance on the Privacy Shield. ALDI will collect, use, and disclose Personal Data received from the EU or Switzerland only in accordance with this Privacy Statement and the Principles, or as required by law. For Purposes of Privacy Shield compliance enforcement, ALDI acknowledges that it is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC). To learn more about the Privacy Shield program, and to view ALDI’s certification please visit https://www.privacyshield.gov.
This Privacy Statement applies to Personal Data received by ALDI (including Personal Data received by third-party organizations or individuals acting as Agents of ALDI) from consumers, business partners, regulatory authorities, and others; in any format, including electronic or paper, as part of ALDI’s business operations. Types of third-party organizations include ALDI subsidiaries and business partners, a current list of which is available upon request. This Privacy Statement does not apply to Personal Data collected by US-facing ALDI Websites, which is governed by the ALDI’s U.S. Online Privacy Notice.
For the purposes of this Privacy Statement, the following definitions shall apply:
“Affiliate” means any third party which is under common control with ALDI.
“Service Provider” means any third party that collects and/or uses Personal Data under the instruction of, and solely for, ALDI or to which ALDI discloses Personal Data for use on ALDI’s behalf.
“ALDI” means ALDI Inc., its successors and wholly owned subsidiaries.
“ALDI Website(s)” means websites controlled by ALDI.
“Personal Data” means any information, or set of information, that identifies or is used by, or on behalf of, ALDI to identify an individual. Examples of Personal Data include an individual’s name, postal address, e-mail address, and telephone number. Personal Data does not include any information that is anonymized, or non-personal information that has not been combined with Personal Data to allow identification of an individual.
“Sensitive Personal Data” is Personal Data which includes information such as government unique identifier or financial information, race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns health, sexual orientation, or criminal allegations (convictions or otherwise); or is otherwise defined by the Principles as “sensitive information” (See, e.g., Commission Implementing Decision (EU) 2016/1250, Annex II § II.2.c).
ALDI Privacy Statement
The collection, processing, storage, use, and disclosure of Personal Data in the business context is essential to the conduct of many of ALDI’s business functions. ALDI may collect, process, store, use, and disclose Personal Data from individuals directly and/or from third parties, subject to this Policy and applicable law.
PURPOSE FOR COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
ALDI collects, uses and discloses your Personal Data in its normal course of business as specified in this Policy, and for the following purposes:
· Establishing and maintaining communications with you;
· Where you have requested a service from ALDI, assisting you in the completion of your application, the assessment of your eligibility for any such requested service, the processing and maintenance of the service, as well as any applicable renewal of such service;
· Responding to your inquiries about ALDI’s services;
· Making proposals for future service, equipment and product needs;
· Allowing our affiliated companies to notify you of certain products or services offered by our affiliated companies;
· Processing transactions through service providers;
· Meeting legal, security, processing, and regulatory requirements;
· Protecting against fraud, suspicious or other illegal activities; and
· Compiling statistics for analysis of our sites and our business.
WHAT DATA WE COLLECT
When interacting with ALDI, you may choose to provide us with information to help us serve your needs. The Personal Data that we collect will depend on how you choose to interact with ALDI.
Where you request information about our services
If you request further information about our services, we require you to submit your name, e-mail address, the name of your organization, and the country in which you are based so we may send you the material you have requested, and to enable us to identify whether you have an existing relationship with ALDI.
Where you register with us and/or request services
If you register with the Site, or request a service available on the Site, we may ask you for your name, e-mail address, country, telephone number and the reason for your communication; as well as information about your position, organization, and such other information as is reasonably necessary so that we can provide you with the service. On the data submission form, we shall indicate by way of an asterisk, which information is optional and which information is mandatory. This information can include information you provide on applications or other forms, which may include your name, address, email address, and payment information.
Individuals should not provide ALDI with any Personal Data that is not specifically requested. Where ALDI receives Personal Data from its subsidiaries, affiliates, or other entities, it will use or disclose such Personal Data in accordance with this Policy.
ALDI may consolidate or aggregate Personal Data in a non-identifiable form (anonymized/pseudonymized data) to help ALDI improve product design and services, and to facilitate other business functions.
DISCLOSURE OF INFORMATION TO OTHERS
Third parties to whom we disclose information are required by law and contractual undertakings to keep your Personal Data confidential and secure; and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances, in compliance with all applicable legislation, which purposes are as follows:
· To provide the products and services you have requested from us;
· To notify you, or allow our affiliated companies to notify you, of certain products or services offered by our affiliated companies;
· For legal, regulatory, and related purposes; and
· To process transactions through data processing service providers
If these third parties wish to use your Personal Data for any other purpose, they will have a legal obligation to notify you of this and, where required, to obtain your consent. Contact us at email@example.com for more information on these third parties.
In the normal course of performing services for our clients, Personal Data may be shared within ALDI and its affiliates for product and sales-experience improvement purposes, system administration, and crime prevention or detection, or any purpose otherwise identified in this Privacy Statement.
Because a number of the service providers we use are located in the United States, including certain ALDI affiliates, your Personal Data will be processed and stored inside the United States; and the U.S. government, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your Personal Data under U.S. laws.
As we continue to develop our business, we might sell or buy assets. In such transactions, user information, including Personal Data, generally is one of the transferred business assets. Also, if either ALDI itself or substantially all of ALDI assets were acquired, your Personal Data may be one of the transferred assets. Therefore, we may disclose or transfer your Personal Data to a third-party in these circumstances.
Other Legally Required Disclosures
ALDI reserves the right to disclose without your prior permission any Personal Data about you if ALDI has a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of ALDI employees, other ALDI clients, or the public; (b) enforce the terms and conditions that apply to your relationship with ALDI; (c) as required by a legally valid request from a competent governmental authority; or (d) respond to claims that any content violates the rights of third parties. We may also disclose Personal Data as we deem necessary to satisfy any applicable law, regulation, legal process, or governmental request.
Your knowledge of and consent to ALDI’s collection, use, and disclosure of your Personal Data is important. We rely on the following actions by you as indications of your consent to our existing and future Personal Data practices:
· Your voluntary provision of Personal Data to us directly, including through chat with Customer Service or through completing any website forms;
· Your express consent or acknowledgement contained within a written, verbal, or electronic application process; and
· Your verbal consent solicited by ALDI (or our agent) for a specified purpose.
Where ALDI relies on consent for the fair and lawful processing of Personal Data, the opportunity to consent will be provided when the Personal Data in question is collected. Your consent may be given through your authorized representative such as a legal guardian, agent, or holder of a power of attorney.
ALDI maintains servers and other storage facilities in the United States. As a consequence of your relationship with ALDI, your Personal Data may be used or stored in the United States. By using the Site you hereby affirmatively consent to the processing of your Personal Data in a country which may not have the same level of privacy protection as your country of residence.
Subject to certain legal or contractual restrictions and reasonable notice, you may withdraw this consent at any time. ALDI will inform you of the consequences of withdrawing your consent. In some cases, refusing to provide certain Personal Data or withdrawing consent for ALDI to collect, use, or disclose your Personal Data could mean that we cannot provide the requested services or information to you.
If you wish to withdraw your consent please refer to the contact information section below.
However, there are a number of instances where ALDI does not require your consent to engage in the processing or disclosure of Personal Data. ALDI may not solicit your consent for the processing or transfer of Personal Data for those purposes which have a statutory basis, such as:
· The transfer or processing is necessary for the performance of a contract between you and ALDI (or one of its affiliates);
· The transfer or processing is necessary for the performance of a contract, concluded in your interest, between ALDI (or one of its affiliates) and a third party;
· The transfer or processing is necessary, or legally required, on important public interest grounds; for the establishment, exercise, or defense of legal claims, or to protect your vital interests; or
· The transfer or processing is required by applicable law.
For Sensitive Personal Data, ALDI will provide individuals the opportunity to affirmatively and explicitly authorize or consent to the collection, processing, transfer, or disclosure of their Sensitive Personal Data to a non-Agent third party; or the use of their Sensitive Personal Data for a purpose other than the one for which the individual originally consented.
ALDI will not disclose your Personal Data to third parties except as otherwise stated in this Privacy Statement.
Accountability for Onward Transfers: ALDI will obtain assurances from its Service Providers and Affiliates that they will safeguard Personal Data consistent with this Privacy Statement. An example of appropriate assurances that may be provided by Service Providers and Affiliates includes a contractual obligation that the Agents provide at least the same level of protection as is required by ALDI’s privacy principles set out in this Statement. Where ALDI has knowledge that a Service Provider or Affiliate is using or disclosing Personal Data in a manner contrary to this Privacy Statement, ALDI will take appropriate steps to prevent or stop the use or disclosure. ALDI also complies with the Privacy Shield Principle regarding liability for onward transfers.
In addition, ALDI may transfer Personal Data outside of its country of origin for the purposes, and in the manner, set out above; including for processing and storage by Service Providers and Affiliates in connection with such purposes. In all situations, ALDI takes reasonable steps to ensure that your privacy is protected. Such steps include, but are not limited to: implementing privacy, security, and contractual controls; as well as steps noted above, as required by applicable law. To the extent that any Personal Data is sent out of an individual’s country, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts, or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country, consistent with the Principles.
Security: ALDI has implemented reasonable physical, technical, and managerial controls and safeguards to keep your Personal Data protected from unauthorized access, disclosure, alteration, and destruction. Such measures may include, but are not limited to: the encryption of data in motion using industry-standard protocols, encryption of information while it is in storage using industry-standard protocols, firewalls, access controls, separation of duties, and similar security protocols.
Data Integrity and Purpose Limitation: ALDI will use Personal Data only in ways that are compatible with the purposes for which it was collected, or consented to by the individual. ALDI will have appropriate steps in place to ensure that Personal Data is relevant to its intended use, accurate, complete, and current. ALDI will only store Personal Data for as long as it is needed to fulfill the purposes for which it was collected, subject to applicable data retention periods imposed upon ALDI by applicable law.
Access and Correction: Access to Personal Data is limited to a restricted number of ALDI employees whose duties reasonably require such information, Agents with whom ALDI contracts to carry out business activities for ALDI, and, with an individual’s consent, certain companies with which ALDI may conduct joint programs. ALDI trains its employees on the importance of privacy and how to handle and manage Personal Data appropriately and securely. Personal Data handled by ALDI Agents, or companies with which ALDI may conduct joint programs, is governed by this Privacy Statement and the Principles.
Upon written request, ALDI will grant individuals access to Personal Data that it holds about them, subject to any legal or third party restrictions. In addition, ALDI will permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete, subject to certain exceptions provided by law. In some instances, applicable law or regulatory requirements allow or require ALDI to refuse to provide some or all of an individual’s Personal Data. In addition, Personal Data may have been destroyed, erased, or made anonymous in accordance with ALDI’s record retention obligations and practices. In the event that ALDI cannot provide an individual with access to his/her Personal Data, ALDI will endeavor to provide the individual with an explanation, subject to any legal or regulatory restrictions.
Recourse, Enforcement and Liability
Individuals may contact ALDI regarding any question or complaint regarding the collection, processing, and transfer of their Personal Data under the Privacy Shield by completing and submitting the ALDI Privacy Inquiry Form. ALDI will promptly investigate and respond to complaints within 45 calendar days of their receipt. ALDI will attempt to resolve complaints, disputes and requests to revoke consent regarding collection, processing, transfer, and disclosure of Personal Data in accordance with this Privacy Statement and the Principles.
ALDI will conduct periodic compliance audits of its relevant privacy practices to verify adherence to this Privacy Statement.
Independent Recourse Mechanism
Privacy Shield-related complaints or disputes that cannot be resolved between ALDI and the complainant will be handled through the JAMS dispute resolution process. ALDI has engaged JAMS as an independent recourse mechanism. JAMS is an independent organization, whose mission is to build user trust and confidence by promoting the use of fair information practices. In the event that ALDI is unable to resolve a complaint or dispute to the satisfaction of the complainant, the complainant may make an online request for dispute resolution assistance by JAMS at www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim, or by mail at the following address:
3800 Howard Hughes Parkway
Las Vegas, Nevada 89169
Such online or regular mail request to JAMS must include the following information: (i) the name of the company; (ii) the alleged privacy violation; (iii) contact information of the complainant; and (iv) whether the complainant would like the particulars of the complaint shared with ALDI. The use of this independent recourse mechanism is at no cost to you.
In the event that you cannot fully resolve your complaint through the Department of Commerce, it is possible that you may use binding arbitration as a final resort. In order to invoke this arbitration option you must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with ALDI and afford us an opportunity to respond to the issue within 45 days; (2) make use of the independent recourse mechanism, in this case JAMS, which is at no cost to you; and (3) raise the issue through your Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue.
This arbitration option may not be invoked if your same claimed violation (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which you were a party; or (3) was previously settled by you and us. In addition, you may not invoke this option where the Data Protection Authority of the country of your residence already has jurisdiction to resolve your complaint.
You may initiate binding arbitration, subject to the pre-arbitration requirements provision above, by delivering a “Notice” to the organization. The Notice shall contain a summary of steps taken to resolve the claim, a description of the alleged violation, and, at the choice of the individual, any supporting documents and materials and/or a discussion of law relating to the alleged claim. For more information on how to invoke arbitration under the Privacy Shield Framework, please visit www.privacyshield.gov/article.
Finally, you may only use binding arbitration to ensure ALDI follows the data handling practices set out in this Policy. No other form of remedy is available by any arbitration under this section.
Any questions or concerns regarding handling of Personal Data under the Privacy Shield, or related to revocation of consent to collect, process, transfer, or disclose their Personal Data should be directed by email to firstname.lastname@example.org.
Any requests to opt-out of future communications from ALDI, or to opt-out of a particular ALDI program, should be directed to ALDI by e-mail at email@example.com.
Alternatively, letters may be sent to the following address:
Attn: Customer Service Privacy Matters
1200 North Kirk Road
Batavia, IL 60510
All communications to ALDI should include the individual’s name and contact information (such as e-mail address, phone number, or mailing address), and a detailed explanation of the request. E-mail requests to delete, amend, or correct Personal Data should include “Deletion Request” or “Amendment/Correction Request,” as applicable, in the subject line of the e-mail. ALDI will endeavor to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable local law.
Changes to ALDI Privacy Statements
ALDI reserves the right to amend this Privacy Statement from time to time to reflect technological advancements, legal and regulatory changes, and ALDI’s business practices, subject to applicable laws. If ALDI changes its privacy practices, an updated version of this Privacy Statement will reflect those changes. ALDI will provide notice of such changes by updating the effective date listed on this Privacy Statement. It is your responsibility to check this Privacy Statement frequently to view any amendments. Your continued interaction with ALDI in the activities covered above will be subject to the then-current Privacy Statement.
Last Updated: 10/31/2018