Global privacy notice*
This Notice explains how, when and why we collect and use your personal data when you interact with Givaudan.
‘Personal data’ is any information or set of information that can identify you as an individual whether directly or indirectly such as your name, address, telephone number, email address as well as any other information about you that Givaudan may obtain from you directly or indirectly.
We are committed to being transparent in the way we collect and use your personal data and how we protect it. We also recognise your need for reasonable control of your personal data.
This is why this Notice explains you in details:
- Who is responsible
- Application of this Notice
- What personal data we collect and how we use it
- How we protect it
- Your rights
- Other important information you need to know
When appropriate we will provide a just-in-time notice to cover any additional processing activities not mentioned in this Privacy Notice. In addition, we may inform you about the processing of your data separately, for example in consent forms, terms and conditions, additional privacy notices, forms and other notices.
If you disclose data to us or share data with us about other individuals such as family members, co-workers, etc., we assume you are authorised to do so and that the relevant data is accurate. When you share data about others with us, you confirm that. Please make sure that these individuals have been informed about this Privacy Notice.
Who is responsible
The Data Controller is the legal entity which is responsible for the personal data collected from you. It determines the means and the purposes of the processing of your personal data, that is how, when and why it collects and uses your personal data. Givaudan is a multinational company operating around the globe. The Data Controller for your personal data will depend on who you are:
If you are a visitor of this website or an investor, the Data Controller is Givaudan International SA, Chemin de la Parfumerie 5, 1214 Vernier, Switzerland.
If you are a customer or a supplier, the Data Controller is the legal entity that manages your business relationship with Givaudan. This information can be found on the invoice or purchase order you receive or in the agreement you have entered into with Givaudan.
For any other individuals, with the exception of employees and contractors working on Givaudan sites, the Data Controller is the legal entity that manages your relationship with Givaudan. This information can be found in the agreement you have entered into with Givaudan or can be obtained from your contact person at Givaudan.
The list of Givaudan legal entities and their details is available in our latest annual report. For any questions with respect of this Notice, please contact our Group Data Protection Officer.
Application of this Notice
This Notice applies to you when you interact with Givaudan in the course of a prospective or ongoing business relationship, when you visit our websites, when you use the technology we make available to you (e.g. when you visit a Givaudan site) or when you connect to certain platforms, applications or other solutions under our control or when you join any offline or online events organised by us. This Notice does not apply to Givaudan employees or other individuals working on Givaudan sites nor to job applicants who may refer to the privacy notice on Givaudan job portal and on Givaudan intranet. For any other individuals, the collection and use of your personal data may be subject to a specific privacy notice. Please reach out to your Givaudan contact person for more details or contact us.
What information do we collect and what do we do with it?
We collect personal data in two ways:
- Directly from you
- Indirectly, through other sources
Directly from you
We may collect and use personal data that you provide us when you interact with us.
For example, your business contact details, including your full name, contact details, your role within your company and your work experience, the country where you work, the products and services that are of interest to you and your company, your opinion and preferences about a product, your communication preferences, your feedback about our services or our organisation.
We also collect the information that you provide to us when you use the contact forms on our website or when you contact our media relations or on paper forms that we ask you to fill during events such as fairs or other marketing events you participate in.
In some cases we may have (video) conferences being recorded for quality assurance purposes and trainings. Such recordings may only be made and used in accordance with our relevant internal policies. You will be informed if and when such recordings take place, including by an indication during the video conference in question. If you do not wish to be recorded, please notify us or leave the (video) conference. If you simply do not want your image to be recorded, please turn off your camera.
Indirectly, through other sources
We also collect information about you indirectly, for example when you browse Givaudan websites, subscribe to our feeds on social media, or otherwise use our network infrastructure and the technology we make available to you. We collect logs about your use of the network, our website (e.g. your view or click on specific content or links or when you click on social media plugins) or the platforms, applications or other solutions we ask you to connect to. We may also collect information such as your IP address, device browser and operating system when you connect to our network infrastructure. We also use cookies to enhance your browsing experience on our websites. Please visit our Cookies policy for more information about how to manage your online privacy.
We also collect information about you from third parties when we acquire other companies for example or from publicly available sources such as information about you made available on your company’s website, or from public registries such as Commercial Registry if such is required to ensure compliance with applicable laws.
When your company wishes to enter into a business relationship with Givaudan, we may perform a third party due diligence during which your company may provide us with information about you such as general background information, your business experience and qualifications, your curriculum vitae, financial interests you may have as a director or officer of your company, any relationship with public officials you may have as well as information about actual criminal convictions, if any, and subject to any restrictions under applicable data protection law.
What do we do with it?
We collect and use your personal data for our legitimate interest to:
| Our purpose is to | You are | The places we collect and process your data at are | The collected |
Manage and maintain our business relationship including to create and maintain an account in our systems (such as systems for order and payment management, customer relationship management, sample management or for any other services supporting our business relationship) or to designate you as the contact person for specific business interactions. We may deploy different measures in some countries to be aligned with local regulation. (Please see deviations in the relevant Annexes). | The contact person for specific business interactions (e.g. when you are designated as the person responsible for commercial questions, payments) | We collect your data through various sources, including but not limited to:
| Your business contact details |
| Manage your orders: for example to ship and process samples or final products and inform you about the status of your order | The contact person for specific business interactions | The same as in the case of ‘Manage and maintain our business relationship’ | Your business contact details |
| Deliver with excellence through our customer care, for example to address any queries you may have and record and share internally such queries to better answer them and improve our products and services in the future | The contact person for specific business interactions | The same as in the case of ‘Manage and maintain our business relationship’ | Your business contact details |
| Analyse your feedback and opinion about our products in order to always improve them or develop new ones | The contact person for specific business interactions | The same as in the case of ‘Manage and maintain our business relationship’ | Your business contact details |
| Operate a customer relationship management system (CRM) in which we keep the data of customers, suppliers and other business partners that is required for relationship management | The customer representative and the contact person for specific business interactions | The same as in the case of ‘Manage and maintain our business relationship’ | Your business contact details |
| Analyse your complaint in order to always improve our services or develop new ones | The customer | We collect your data through complaint you made to us | Your business contact details and any other personal data requested through the contact form |
| CCTV - We have cameras that film the common areas within the perimeter of the companies | The Supplier (Vendors / Service Providers) | We collect images captured by the surveillance system directly from Individuals | Videos Pictures |
| Access control for visitors and third parties. After authorising the entrance of the visitor and/or third party, a registration is made with the following information. | The visitors and third parties who enter the premises of Givaudan or its affiliates | We collect your data directly from you | Your employment information Your government identifiers Your personal identification Your pictures |
| Comply with laws, directives and recommendations from authorities and internal regulations and to conduct risk management and as part of our corporate governance, including business organisation and development (Compliance and Due Diligence) | The customer representative and the contact person for specific business interactions | The same as in the case of ‘Manage and maintain our business relationship’ | Your business contact details |
Manage and maintain our business relationship, including to create and maintain an account in our systems (such as systems for order and payment management, customer relationship management, sample management or for any other services supporting our business relationship) or to designate you as the contact person for specific business interactions.
We may deploy different measures in some countries to be aligned with local regulation.
Manage your orders: for example to ship and process samples or final products and inform you about the status of your order
Deliver with excellence through our customer care, for example to address any queries you may have and record and share internally such queries to better answer them and improve our products and services in the future
Analyse your feedback and opinion about our products in order to always improve them or develop new ones
Improve your experience on our websites
Manage your inquiries when contacting our media or investors relations or when contacting us via the contact form on our website or when using one of our channels for raising complaints
Send you marketing communications and newsletters about our activities and products that may be of interest to you in the course of our business relationship or when you so requested
We may also share your personal data with:
| Our purpose is to | You are | The places we collect your data at are | The collected data is |
| Manage your inquiries when contacting our media or investors relations or when contacting us | The person who initiates the contact with us | The contact form on our website or when using one of our channels for raising complaints
| Your business contact details and any other personal data requested through the contact form |
| Send you marketing communications and newsletters about our activities and products that may be of interest to you in the course of our business relationship or when you so requested | The person who subscribes to our newsletters and other communication channels | Any Givaudan form which serve for subscription | Your business contact details and any other personal data requested through the contact form |
| Enable your participation at any Givaudan event (both online and offline) | The person who expresses their intent in any way to participate at Givaudan event(s) | Any Givaudan form which serve for subscription | Your business contact details and any other personal data requested through the contact form |
Create your account at the GivConnect platform based on your request and to facilitate your product search and sample requests | The contact person for specific business interactions | Consent form shared by Givaudan representatives | Your name Your corporate email address Your corporate phone/mobile number |
| Access control for visitors and third parties. After authorising the entrance of the visitor and/or third party, a registration is made with the following information. | The visitors and third parties who enter the premises of Givaudan or its affiliates | Consent to process sensitive information Consent to process other personal data where it is legally required | Your personal data and biometric data |
You can object to such contacts at any time or refuse or withdraw consent to be contacted for marketing purposes.
You are advised to avoid sharing your private email address/phone number/home address with us as we are not capable of recognising the nature of such data.
We may also share your personal data with:
Givaudan affiliates in order to deliver you better services which may be provided within or outside of your country. As a global company, our employees in various sites may need access to your personal data in order to deliver you better services through streamlined processes.
Third party service providers that provide solutions and services for our organisation to help us delivering with excellence. For example, these services providers may help us to (i) deliver emails or other communications, (ii) develop and host some of our solutions (iii) provide customer services or payment services or (iv) assist us in background checks, fraud prevention and risk assessment, (v) enable your subscription to our newsletter, face-to-face or online events or other marketing channels, (vi) provide CRM solutions to facilitate contact and to support you in your choice of our products and services (delivering product samples)
We may also share your personal data:
- in connection or in the course of a merger or a sale or acquisition of a business
- when we are legally required to do so by a competent authority. We may disclose personal data to agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to make such disclosures or if it appears necessary to protect our interests. This may include health data. These authorities act as separate controllers.
We do not sell your personal data to third parties.
On what basis do we process your personal data?
Where we ask for your consent for certain processing activities, we will inform you separately about the relevant processing purposes. You may withdraw your consent at any time with effect for the future. Where you have a user account, you may also withdraw consent or contact us also through the relevant website or other service, as applicable.
Where we do not ask for consent for processing, the processing of your personal data relies on the requirement of the processing for initiating or performing a contract with you (or the entity you represent) or on our or a third-party legitimate interest in the particular processing. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognized as a legal basis by applicable data protection law (for example in the case of the GDPR, the laws in the EEA and in the case of the DPA, Swiss law).
Where we receive sensitive personal data (for example health data, data about political opinions, religious or philosophical beliefs, and biometric data for identification purposes), we may process your data on other legal basis, for example, in the event of a dispute, as required in relation to a potential litigation or for the enforcement or defence of legal claims. In some cases, other legal basis may apply, which we will communicate to you separately as necessary.
What applies in case of profiling?
We may automatically evaluate personal aspects relating to you (profiling), where we wish to determine preference data, but also in order to detect misuse and security risks, to perform statistical analysis or for operational planning. We may also create profiles for these purposes, i.e. we may combine different categories of data relating to you in order to better understand you as a person with your various interests and other characteristics. We may also create anonymous and – with your consent – personalised motion profiles of you.
If you are our customer, we may, for example, use «profiling» to determine which other products are likely to be of interest to you based on your purchases. Profiles may also be used for marketing, for example, or for security purposes.
In both cases, we pay attention to the proportionality and reliability of the results and take measures against misuse of these profiles or profiling. Where these can produce legal effects concerning you or similarly significantly affect you, we generally ensure human review.
How is it protected – Security of your personal data
We consider your personal data as confidential information. We deploy technical and organisational measures to secure your personal data and ensure that it is protected from unlawful access, alteration and loss. Organisational measures mean for example that we ensure that only the persons who need to do so for business purposes, have access to your personal data. Technical measures mean that we perform regular checks on our infrastructures but also on our service providers to ensure that they comply with Givaudan security policies.
Your rights
You are in control of your personal data.
Right to access and to correct. You have the right to request a copy of the personal data we hold about you by contacting us. We make regular checks to ensure we keep your personal data up-to-date. However, we need your help in doing this, so please contact us if you want to correct personal data that you have provided us with.
Right to object and to restrict. You have the right at any time to object to the processing of your personal data (e.g. when you do not wish to receive direct marketing communications or newsletters from us). Under certain circumstances, you also have the right to obtain the restriction of the processing of your personal data (e.g. until an inaccuracy in your personal data is corrected by us following your request).
Right to erasure. If you no longer wish us to process your personal data, you may contact us. We may however retain certain of your personal data for compliance with applicable laws and regulations and in accordance with our data retention rules.
Right to lodge a complaint. We make our best to be transparent, protect your personal data and offer you as much control as we can. If however you deem that we did not do it in compliance with applicable privacy and data protection laws, you can contact us. You also have the right to lodge a complaint with the data protection supervisory authority in your country or in the country where your Data Controller is located.
Right to control Cookies and other technologies on our websites. When you first visit our websites, you are asked to consent to the use of cookies and other technologies. You can manage your choice at any time. Please visit our Cookies policy to learn how to keep control of your online activity.
You also have these rights in relation to other parties that cooperate with us as separate controllers – please contact them directly if you wish to exercise your rights in relation to their processing.
Other important information
Data retention
We retain your personal data for as long as it is necessary for each of the purposes outlined above. We may however retain certain of your personal data for compliance with applicable laws and regulations (e.g. for tax and audit purposes) and in accordance with our data retention rules. Where it is no longer required to retain data that can still identify you, we will either erase, anonymise or aggregate it so that you may no longer be identifiable as a single individual.
International data transfers
We operate as a global company and rely on service providers to support our global solutions. Therefore, we may transfer your personal data outside of the European Economic Area (“EEA”) if that is appropriate to achieve any of the purposes set out in the overview above “What do we do with it?”.
If we transfer your personal data outside of the EEA, we will make sure that your personal data is protected by the following safeguards:
- the laws of the country to which your information is transferred ensure an adequate level of data protection; or
- the transfer is subject to data protection clauses approved by the European Commission.
Changes to this Notice
The most recent version of this Notice is on this page. We may modify this Notice at any time without notice, except if such modifications contain substantial changes that may affect individuals’ rights under applicable privacy and data protection laws, in which case you will be notified of such changes at the beginning of this page.
Contact
In case you have further questions about this Notice, please get in touch with our Group Data Protection Officer. You can also write to us at:
Givaudan International SA
Attn: Group Data Protection Officer
Chemin de la Parfumerie 5
1214 Vernier
Switzerland
Country provisions
* Does not apply to employees or candidates
Approved: 27 November 2017 – Last updated: 15 February 2024