1. Controller and contact information

The controller is the Finnish company Paulig Ltd (business registration number: 0112563-0) or one of the companies belonging to the Paulig group. All together and each separately, they are hereinafter referred to as "Paulig". The controller is the company of the Paulig group with which you have engaged in a business relation or other relation. A list of the companies belonging to the Paulig group from time to time is available here

Our contact details in Privacy Policy matters are:  

Paulig Ltd / privacy matters
Satamakaari 20
FIN – 00980 Helsinki
FINLAND
privacy@paulig.com 
Tel: +358 9 319 81

Please do not hesitate to contact us if you have any questions, concerns or ideas related to our personal data procedures.

2. For what purposes do we process your data and based on which grounds?

This Privacy Policy covers the processing of personal data of representatives of our customers, potential customers, consumers, representatives of our business partners and other interest groups, including representatives of suppliers, organizations offering services to Paulig, the press, other stakeholders and visitors to our premises. This Privacy Policy covers the processing of personal data related to all Paulig’s business operations under all Paulig brands as well as the private label and other operations, unless otherwise stated.

In the following we explain the differences in each category. One or more roles and purposes may apply to same personal data simultaneously.

2.1 Customers, potential customers and consumers

Providing products and services and customer relationship management

Paulig may use your personal data to provide products and services for you. This includes, for example, when you purchase our products on behalf of your organization, use our digital services, subscribe to our newsletters, and participate in our events.  

Paulig also uses your personal data to manage, analyze and improve the customer relationship with the organization you represent. This category of processing includes the following processing contexts:  

  • Customer relationship management, such as concluding, implementing, and possibly modifying the contract between us and the organization you represent and maintaining and developing the customer relationship. This also includes communication related to the customer relationship, such as providing customer service, sending notifications and other content related to our customer relationship or products or services, important alerts and other notices regarding our products or services or surveys. We can also ask feedback on our products or services and respond to requests and inquiries from representatives of customers or prospects using various channels. The legal basis for this processing is our legitimate interest to conduct our business and your relationship with the organization with which we have established a customer relationship regarding our products or services.  
  • Invoicing: This involves managing invoices and payments based on our legitimate interest in conducting our business and maintaining our relationship with the organization with which we have established a customer relationship regarding the use of our products or services.
  • Organizing events, such as various seminars and trainings, based on our legitimate interest to process personal data for purposes related to organizing the event in question. If you provide us with special categories of personal data in this context, such as information about allergies or special dietary requirements that can contain health-related information, the basis for processing is your explicit consent. 
  • Sales: Promoting the sale of our products and services either on our initiative or on the initiative of a representative of a prospect based on our legitimate interest to promote our business. We also conduct additional sales to our existing customers, targeting the representatives of our customers based on our legitimate interest to promote our business.
  • Compliance with obligations under applicable legislation, such as tax or cybersecurity related obligations and responding to requests from authorities based on, for example, tax, cybersecurity, or accounting legislation or other mandatory legislation. The basis for processing in this case is the relevant provision of the applicable law.  
  • Ensuring compliance with the contract and monitoring for misuse: Ensuring and monitoring compliance with the contract between us and the organization you represent, as well as investigating suspected misuse, where the basis for processing is our legitimate interest to conduct our business and protect our legitimate interests related to it.
  • Enabling the use of our websites: When you visit our websites, we may process your personal data to provide you with the opportunity to use our website and its functions, and to ensure the security, functionality, and stability of the website. This includes for example processing to detect potential misuse and attacks that compromise the security of our website. The basis for processing is our legitimate interest and the legitimate interest in question is one of the purposes mentioned above. The collection and further processing of your personal data on our website generally occurs also using automatic technical means, such as cookies and similar technologies, which generally requires your consent. If you want more information about the use of cookies on our website, please refer to the additional information about the cookies we use by clicking the cookie settings button at the bottom of our website.
     

Marketing to you

Paulig may contact you to enhance your experience with Paulig by informing you of products, services, or promotions Paulig may offer. Paulig may use your personal data to personalize our offering and to provide you with more relevant content. This means for example making recommendations and to display customized content and advertising in our services (e.g. websites, applications and marketing e-mails) and in third party services (e.g. banner advertisements).  

The legal basis of processing for marketing purposes is our legitimate interest, particularly to promote the sale of our products and services and to increase the recognition of our business, products and services. The basis for processing personal data can also be your consent, for example, if you subscribe to our newsletter or if the marketing is based on data collected on our websites through cookies and you have given your consent to the use of marketing cookies. In addition, if you provide us with information belonging to special categories of personal data, such as information about allergies or special diets, from which health-related information can be deviated, the basis for processing is your explicit consent.  

If you choose to participate in our campaigns (e.g. competitions, giveaways etc.), we may collect your personal data to facilitate your participation, such as contacting winners or distributing products. We will only process personal data for campaign purposes with your explicit consent.

If you have accepted marketing cookies on our websites, we may process your personal data to provide you with relevant marketing content on social media platforms, via email, on websites, or in our services based on your preferences. This type of processing is called profiling, and its purpose is to produce customized marketing, improve your user experience in our services and on our websites, and provide products and services that match our customers' preferences. We may also combine information collected through profiling with other information we have collected based on the customer relationship between us and your organisation. If you want more information about the use of cookies on our website, please refer to the additional information about the cookies we use by clicking the cookie settings button at the bottom of our website.  

Managing and developing products and services

Paulig may use your personal data to manage and develop Paulig’s business operations, including our products and services. Data processing for product and service development purposes can be done anonymously or with identifiers. To the extent that personal data is processed, the processing in these contexts is based on either consent of the data subject (e.g. development activities based on research or surveys) or on our legitimate interest to develop our business, products and services. If you choose to provide us with personal data on your allergies or other health related data, the basis of processing is your explicit consent.  

Other legitimate business interests

We may process your personal data for some other legitimate business interests, such as ensuring and enhancing the security and safety of our information systems, network and premises, protecting our property, preventing misuse, investigating suspected misuse, or for other similar justified purposes. The processing of personal data is based on our legitimate interest, and the legitimate interest in question is the business-related purposes set out above.  

2.2 Interest groups

By interest groups we mean, for example, representatives of suppliers and service providers offering products and services to Paulig, representatives of the press and other stakeholders, and visitors to all Paulig premises.  

Managing, analyzing and improving the relationship

Paulig may use your personal data for managing, analyzing and improving the relationship with you and the organization you represent. This category of processing includes the following processing contexts:

  • Management of the business relationship, such as concluding, implementing, and possibly modifying the contract between us and the organization you represent, and the maintenance and development of the business relationship. This also includes communication related to the relationship, such as sending notifications and other content related to our business relationship, important alerts and other such communications relating to our business relationship. We can also respond to requests and inquiries from you using various channels. The legal basis for this processing is our legitimate interest to conduct our business and your relationship with the organization with which we have established a business relationship regarding products or services.  
  • Management of invoices and payments based on our legitimate interest to conduct our business and your relationship with the organization with which we have established a business relationship.  
  • Organizing events, such as various seminars or trainings, based on our legitimate interest to process personal data for purposes related to organizing the event in question. If you provide us with special categories of personal data in this context, such as information about allergies or special dietary requirements that can contain health-related information, the basis for processing is your explicit consent.   
  • Compliance with obligations under applicable legislation, such as tax and cybersecurity related obligations and responding to requests from authorities based on, for example, tax, accounting, or cybersecurity legislation or other mandatory legislation. The basis for processing in this case is the relevant provision of the applicable law.   
  • Ensuring compliance with the contract and monitoring for misuse: Ensuring and monitoring compliance with the contract between us and the organization you represent, as well as investigating suspected misuse, where the basis for processing is our legitimate interest to conduct our business and protect our legitimate interests related to it.  
  • Enabling the use of our websites: When you visit our websites, we may process your personal data to provide you with the opportunity to use our website and its functions, and to ensure the security, functionality, and stability of the website. This includes for example processing to detect potential misuse and attacks that compromise the security of our website. The basis for processing is our legitimate interest and the legitimate interest in question is one of the purposes mentioned above. The collection and further processing of your personal data on our website generally occurs also using automatic technical means, such as cookies and similar technologies, the use of which generally requires your consent. If you want to know more about the use of cookies on our website, please refer to the additional information about the cookies we use by clicking the cookie settings button at the bottom of our website. 
     

Managing and developing products and services

Paulig may use your personal data to manage and develop Paulig’s business operations, including our products and services. Data processing for product and services development purposes can be done anonymously or with identifiers. To the extent that personal data is processed, the processing in these contexts is based on either consent of the data subject or on our legitimate interest to develop our business, products and services.  

Other legitimate business interests

We may also process your personal data for some other legitimate interests related to our business, such as for ensuring and enhancing the security and safety of our information systems, network and premises, protecting our property, preventing misuse, investigating suspected misuse, or for other similar justified purposes. The processing of personal data is based on our legitimate interest, and the legitimate interest in question is the business-related purposes set out above.  

AI tools are developing, and some of your personal data may be processed by AI tools used by Paulig (such as Copilot in the M365 environment) to assist our knowledge work, help us develop our products and services, or provide you with more relevant content. 

3. What types of personal data we may collect about you?

In the context of the abovementioned processing activities, we may process the following types of data and changes made to these data types:  

3.1 Personal data that may be processed of all data subjects

Basic information, processed for purposes of providing products and services (as applicable), customer or other business relationship management, marketing (as applicable), managing and developing our products and services as well as for purposes of other legitimate business interests of Paulig, including data such as:

  • first and last names
  • contact information (e-mail address, telephone number and/or postal address)
  • gender (e.g. for purposes of personalizing emails or in the context of a survey where we wish to know more about the user for purposes of e.g. product development)
  • language preferences
  • information on when your data was collected
     

Information on communications and other correspondence between you and us, processed for purposes of providing products and services (as applicable), customer or other business relationship management, marketing (as applicable), managing and developing our products and services as well as for purposes of other legitimate business interests of Paulig, including data such as:

  • information on campaigns, promotions and other communication directed to you, as well as their use, including participation in events
  • interests and other information or survey data provided by you
  • direct marketing choices
  • information of the use of Paulig’s digital services as well as digital content created by you and your interactions with our digital services
  • automatically collected data (e.g. IP Address, your device's operating system, browser type and language)
  • mobile device identifiers (e.g. your unique device ID and your device name)
  • recordings of customer service telephone conversations as well as e-mail and chat correspondence  

If you have given your explicit consent, we may process your personal data on allergies or special dietary requirements (e.g. for the purposes of attending our event or research on our products).  

3.2 Representatives of customers

In addition to the list in point 3.1 Paulig may collect the data types listed below, processed for purposes of providing products and services, customer or other business relationship management, marketing, managing and developing our products and services as well as for purposes of other legitimate business interests of Paulig:  

  • title and/or job description of current and previous jobs related to Paulig’s customer relationships
  • name and business information of the organization you work for currently or previously, in relation to Paulig’s customer relationship
  • subscription, purchase and feedback history
     

3.3 Representatives of potential customers

In addition to the list in point 3.1, the personal data that may be processed of representatives of potential customers includes data such as:  

  • title and/or job description of current job
  • name and business information of the organization you work for currently
  • information about your previous employment at an organization that is Paulig’s customer
     

3.4 Consumers

In addition to the list in point 3.1, the personal data that may be processed of consumers includes data such as:  

  • subscription, purchase and feedback history, processed for purposes of e.g. our product reclamation management and response process
  • date of birth, if provided voluntarily
  • social media user names  
  • activities in or related to Paulig’s channels (e.g. social media)
     

3.5 Interest groups

In addition to the list in point 3.1 Paulig may collect the data types listed below, processed for purposes of business relationship management, managing and developing our products and services as well as for purposes of other legitimate business interests of Paulig:  

  • title and/or job description of current and previous jobs related to Paulig’s business relationship
  • name and business information of the organization you work for currently or previously, related to Paulig’s business relationship
  • content you have created related to Paulig (e.g. news articles written by you)
  • your own confirmation of your health status when visiting Paulig’s production premises for purposes of ensuring food and product safety at our production premises
  • car details on Paulig’s production premises in order to monitor inbound and outbound traffic (e.g. to ensure that the right vehicle has received the right amount of goods)  

4. What sources do we use to gather your personal data?

4.1 Sources applicable to all data subjects

Paulig gathers personal data directly from you, for example, from:  

  • website forms (e.g. marketing promotions, newsletter subscriptions, campaigns, feedback forms, research and survey participation)  
  • mobile applications
  • physical forms e.g. in events and stores
  • telephone conversations, e-mail correspondence and chat services
  • customer service communications
     

When you visit our website, we use cookies and other similar automated technologies to collect personal data. If you want to know more about the use of cookies on our websites, please refer to the additional information about the use of cookies by clicking the cookie settings button at the bottom of our website.  

In some cases, we may also collect personal data from other sources. These sources may include, for example, marketing partners, public sources, or services maintained by third parties, such as data services provided different service providers.  

4.2 Representatives of customers

In some cases, we receive personal data from other representatives of your organization, for example, when the contact details of a customer's contact person become outdated (e.g. when the contact person changes, the previous contact person usually provides us with the new contact person's details). In situations where the contact person's details have become outdated and we do not have new contact information, we may also e.g. search for information on the customer's website. Paulig also gathers personal data from Paulig’s online shops.

4.3 Representatives of potential customers

Paulig may gather personal data from companies’ and organizations’ websites, trade register or similar sources maintained by authorities, social media and from other public sources.  

4.4 Consumers  

Paulig may gather personal data from Paulig’s social media channels about content related to Paulig’s business categories.

4.5 Interest groups

Paulig may gather personal data from companies’ and organizations’ websites, trade register or similar sources maintained by authorities, social media and from other public sources.   

5. To whom may we transfer and assign your personal data? 

Paulig does not sell, lease or otherwise disclose your personal data to third parties outside of Paulig unless otherwise stated below. 

Paulig may share your personal data with authorized third parties that perform services for Paulig for the purposes described in this Privacy Policy within the limits of the applicable legislation. This may include, for example, providing services such as customer service, software services, managing and analyzing personal data, conducting research and surveys, managing and executing diverse campaigns, and organizing events.  

Because Paulig takes the responsibility to safeguard your personal data seriously, Paulig does not allow those companies to use it for any purpose other than to perform those services, and Paulig requires them to protect your personal data in a way consistent with this Privacy Policy. 

Paulig may share your personal data with carefully considered third parties for joint or independent direct marketing purposes. Sharing of your data for such purposes may in principle only happen when the planned purposes of the third party are not incompatible with Paulig’s purposes described in this Privacy Policy. Only the minimum necessary amount of your personal data is shared with third parties. We may also disclose personal data, for example, to a collection agency for debt collection purposes or to other service providers or partners, but only to the extent that the performance of their tasks requires the processing of the disclosed personal data. The recipients of the data may act as independent data controllers or as joint controllers together with us.  

Paulig may share your personal data based on a valid order from a court or other official body with sufficient authority. The police and other authorities may request access to personal data from us. In these cases, we will disclose the data only if there is a legal obligation, a court order, or a similar compelling duty. We may also disclose personal data if the disclosure is necessary to present legal claims or to defend against such claims, either in court proceedings or in administrative proceedings.  

Paulig may share your personal data as part of any merger, acquisition, sale of company assets or transition of service to another provider. This also applies in the unlikely event of an insolvency, bankruptcy or receivership in which your personal data would be transferred to another entity as a result of such a proceeding. 

6. Is your personal data transferred to countries outside the EU?

Paulig’s services may be provided using resources and servers located in various countries around the world. Therefore, Paulig may transfer your personal data outside the country where you use our services, including to countries outside the EU and EEA that do not have laws providing specific protection for personal data or that have different legal rules on data protection.  

In such cases, Paulig ensures that a legal basis for such a transfer exists and that adequate protection for your personal data is provided as required by applicable law, for example, by using standard contracts approved by relevant authorities, in particular the EU Commission’s standard contractual clauses (where necessary), and by requiring the use of other appropriate technical and organizational information security measures. The standard contractual clauses are available here

7. How long do we process your personal data?  

Paulig will retain personal data only for as long as necessary to achieve the purposes for which the personal data was collected, in accordance with applicable legislation. When we no longer need the personal data, we delete the data from our systems or anonymize it irreversibly.  

Below are general retention periods applicable to all data subject groups:  

  • Visits to our premises: Personal data collected and stored for visits to our premises will be deleted no later than at the end of the 1st calendar year following the visit.  
  • Events: Personal data collected and stored for and at events, including information about participants and leads, will be deleted no later than at the end of the 1st calendar year following the event.  
  • Customer service: Personal data stored for customer service purposes will be deleted no later than at the end of the 1st calendar year after the last recorded interaction with the customer service.
  • Marketing: Personal data stored for marketing purposes will be deleted no later than at the end of the 1st calendar year following the last the recorded activity. However, personal data processed for marketing purposes based on your consent, for example, if you have subscribed to a newsletter, may be retained until you withdraw your consent.  
  • Research and surveys: Personal data processed for the purposes of research or surveys will be processed for the duration of the research or survey, and until the end of the 3rd calendar year thereafter.
     

Please also note that the retention periods may vary depending on the country in which the controller, i.e., each particular Paulig group company is established. If you wish to gain further information on the retention periods of a specific Paulig group company, please contact Paulig’s privacy team (contact information in section 1).

More information on some retention periods for personal data of each different sub-group can be found below. 

7.1 Customers

The retention period for the personal data of our customers’ representatives is ultimately tied to the duration of the customer relationship between us and the organization you represent, after which the personal data is deleted in accordance with our defined processes. However, we may continue to retain personal data even after the defined retention period to the extent that the data is necessary and the processing justified, for example, to protect our rights.  

The general minimum retention period for the personal data of our customers’ representatives is 3  years from end of the calendar year in which contract with the customer was terminated. If the customer’s contact person changes, we will delete the previous contact person’s data from our data systems within a reasonable time after the change.  

The actual contract documents, which may also contain personal data, are retained for at least 10 years from the end of the calendar year in which the contract terminated. This also applies to all communication that is part of the contract or clarifies the content of the contract. Personal data recorded in documents considered part of accounting material, such as invoices, are retained until the end of the calendar year when the invoice was issued and 6 years thereafter, based on accounting legislation.  

After the above specified timeframe has ended, Paulig may process part of your personal data and consider you a representative of a potential customer. Please note that personal data may also be retained for a longer period if retention is justified due to an appropriate connection between us and the data subject or the consent given by the data subject, for example, for marketing purposes, and the person has not objected to the processing or withdrawn their consent.  

7.2 Potential customers

Paulig may process your personal data continuously as Paulig aims at building a customer relationship with the organization you represent. Once the customer relationship has started, the duration of the processing is defined as in point 7.1 above regarding customers.  

7.3 Consumers

Campaigns: Personal data processed for the purposes of running a campaign (e.g. competition, giveaway, etc.), we will process during the campaign and until the campaign has ended, and until the end of the 1st calendar year following the end of campaign.

Product reclamation management: Personal data processed for purposes of our product reclamation management and response process will be processed for the duration of processing your reclamation and until the end of the 3rd calendar year following thereafter.

7.4 Interest groups

The retention period for the personal data of the representatives of our business partners and other interest groups (e.g. suppliers and third party service providers) is ultimately tied to the duration of the business relationship between us and the organization you represent, after which the personal data is deleted in accordance with our defined processes. However, we may continue to retain personal data even after the defined retention period to the extent that the data is necessary and the processing justified, for example, to protect our rights.  

The general minimum retention period for the personal data of the representatives of our business partners and other interest groups is 3 years from the end of the calendar year in which the contract or the business relation with the organization you represent was terminated. If the contact person of the business partner changes, we will delete the previous contact person’s data from our data systems within a reasonable time after the change.  

The actual contract documents, which may also contain personal data, are retained for at least 10 years from the end of the calendar year in which the contract terminated. This also applies to all communication that is part of the contract or clarifies the content of the contract. Personal data recorded in documents considered part of accounting material, such as invoices, are retained until the end of the calendar year when the invoice was issued and 6 years thereafter, based on accounting legislation.  

8. How can you exercise the different types of rights you have?  

All rights can be exercised by contacting Paulig’s privacy team by using the contact details issued at section 1 above. The team will then give further instructions on how to exercise a specific right. Where Paulig has reasonable doubts concerning the identity of the person making the request, Paulig may request the provision of additional information necessary to confirm your identity.

Paulig will provide information on action taken on a request to you within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

  • Right of access to your personal data: You have the right to obtain from Paulig confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, receive information about your personal data. 
     
  • Right to rectification: You have the right to obtain from Paulig without undue delay the rectification of inaccurate personal data concerning you. 
     
  • Right to erasure ('right to be forgotten'): You have the right to obtain from Paulig the erasure of personal data concerning you without undue delay where one of the following grounds applies:  
    • your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
    • you withdraw consent on which the processing is based and where there is no other legal ground for the processing
    • you object to the processing and there are no overriding legitimate grounds for the processing
    • your personal data have been unlawfully processed
    • your personal data have to be erased for compliance with a legal obligation in Union or member state law to which Paulig is subject, or
    • the personal data have been collected in relation to the offer of information society services.

      However, you do not have the right or erasure if the processing is necessary:
    • exercising the right of freedom of expression and information,
    • for compliance with a legal obligation which requires processing by Union or member state law to which Paulig is subject, or
    • for the establishment, exercise or defense of legal claims.
       
  • Right to restriction of processing: You have the right to obtain from Paulig restriction of processing where one of the following applies:  
    • the accuracy of the personal data is contested by you, for a period enabling Paulig to verify the accuracy of the personal data
    • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
    • Paulig no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
    • you have objected to processing pending the verification whether the legitimate grounds of Paulig override those of you.
       
  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests pursued by Paulig, including profiling. Paulig shall no longer process the personal data unless Paulig demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms for the establishment, exercise or defense of legal claims.  
    • Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.  
    • Please be aware that you cannot opt out of receiving service messages from Paulig, including but not limited to security and legal notices.
       
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to Paulig, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller where:  
    • the processing is based on consent or on a contract, and
    • the processing is carried out by automated means. 

9. Is it mandatory for you to disclose your personal data to us?

Where your personal data is necessary for Paulig in order to fulfil its contractual obligations related to a contract, disclosing your personal data to us is mandatory. For example, you cannot make purchases on behalf of your organization without disclosing the necessary personal data.  

10. How can you withdraw your consent? 

You may withdraw possible consent by contacting Paulig’s privacy team (contact information in section 1) or by using possible electronic means provided by Paulig.  

11. Do we make decisions affecting you based on automated means?  

Paulig does not make decisions based solely on automated processing which produces legal effects concerning you or similarly significantly affect you. 

12. Do we process your personal data in order to profile you?  

Paulig may target (and measures the performance of) ads to its websites’ and applications’ visitors and users as well as newsletters recipients based on profiling both on and off of Paulig’s services through a variety of ad networks and exchanges, using the following data, whether separately or combined:

  • data from advertising technologies on and off of our services, like web beacons, pixels, ad tags, cookies, and device identifiers
  • information provided by you (e.g. contact information)
  • data from your use of our services (e.g. search history, clicking on an ad, etc.)
  • information from others (e.g. advertising partners and data aggregators),
  • information inferred from data (e.g. using job titles to infer seniority or names to infer gender). 

13. How can you exercise your right to lodge a complaint to the supervisory authority?  

In case you suspect a breach of data protection legislation, please contact Paulig’s privacy team first (contact information in section 1).  

In case the matter is not solved amicably between you and Paulig, you may contact the supervisory authority in the EU member state of your habitual residence, your place of work or the place of the alleged infringement, or of the country where the Paulig entity in question operates. Contact information of the competent authority of each Paulig’s operation country can be found here.  

14. What are our principles for securing your personal data?  

Paulig has established technical and administrative safeguards designed to make the data collected secure.  

Only appointed personnel of Paulig and of organizations operating by Paulig’s assignment or on behalf of Paulig are entitled to take part in the processing of personal data. All persons taking part in the processing have a personal right of use granted by Paulig or its co-operation partner. Different levels of access have been created based on the data a person needs according to their job description. Systems are protected with a firewall that prohibits unauthorized access outside of Paulig, as well as with other appropriate technical and organizational measures.

All personnel of Paulig and its subcontractors are obliged to keep the personal data which they obtain in their work confidential. Manually processed documents containing personal data are protected against unauthorized access. 

15. What law do we apply for processing personal data?  

The processing of personal data in Paulig’s filing system is governed by the EU’s applicable data protection legislation as well as national laws of countries where Paulig is established. 

16. How can we update this Privacy Policy?

Paulig may modify this Privacy Policy from time to time as needed. Unless otherwise provided by mandatory applicable legislation, we may not notify changes to the data subjects in person. We therefore encourage you to check this Privacy Policy from time to time for possible changes.