For the purpose of this Policy, the term “Personal Information” includes any information that relates to you as an identifiable individual, such as your name, personal address, telephone number and e-mail address (although the precise scope of this term may differ between the data protection laws of different jurisdictions/regions). The term “process” means any activity relating to Personal Information, including, by way of example, collection, storage, use, consultation and transmission. “Sensitive Personal Information” is Personal Information that is defined as “sensitive personal information” or “special category data” under applicable data privacy laws which, depending on the jurisdiction, may include Personal Information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying someone, data concerning health and data concerning someone’s sex life or sexual orientation, or social security number.
If you do not want your Personal Information processed as detailed in this Policy, please do not use the Website or the Services. Please note that your use of the Website is also subject to a Legal Notice that is posted on the Website for your review.
If you have any questions about this Policy, including any requests to exercise your legal rights, or if you require more detail about the legal bases for processing your Personal Information, please contact us using the details set out at the end of this Policy.
For residents of applicable U.S. states, please see our supplemental privacy notice.
- Information gathered by Saputo
We may where relevant collect, use, store, disclose and transfer different kinds of Personal Information about you which we have grouped together as follows:
Personal Information type
Types of information included in group
“Business Contact Data”
Includes business contact details such as name, job title, telephone number, e-mail address, business address, organisation, correspondence history, order history, sales history, trade passes and licences, permit to work, proof of ID/background information and documents, lifestyle, social circumstances and personal preferences (including in relation to the use of Personal Information, diet and marketing communications), reasonable adjustments or accommodations, expenses, payment records and details, meeting records, social media records (e.g. LinkedIn profile).
Includes moving and still images and audio recordings captured by CCTV devices.
Includes address, e-mail address, telephone numbers and social media contact details.
Includes information provided when entering into a contest with us, such as your name, address and e-mail address, and for contest winners, may include supplemental information, such as other Personal Information in identification documents.
Includes records of your correspondence with us (including e-mails, mail correspondence, web contact forms/details and social media correspondence), incident number and call recordings.
Includes details of your health and wellbeing, illness or injury.
Includes first name, last name, marital status, title, date of birth, gender, location, job title and the number or alphanumeric number issued to you by any governmental authority.
Includes your interests, preferences, behaviours, hobbies, activities, household or lifestyle information, feedback, opinions and survey responses.
Includes information provided when you purchase a product or service directly or indirectly from Saputo (either from a Saputo group company or an entity selling Saputo group company products), such as name, title, address, e-mail address, telephone number, billing and payment details (including credit/debit card information), details of your order, delivery details and products you have purchased.
Number of shares held, shareholding history, related correspondence history, payment history.
Includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website and/or otherwise use our Services.
Includes information about how you use our Website and social media pages and/or use our Services.
Includes information collected about visitors to our premises and sites, such as name, organisation representing, entry/exit time, access card records, relevant and necessary health details (e.g. for reasonable adjustments or accommodations), signature, purpose of visit, the person you are attending our premises/site to visit, other people you are visiting with and vehicle details.
We may anonymise your Personal Information (the “Anonymized Information”), which means it can no longer be associated with you nor make you identifiable directly or indirectly. We may therefore use the Anonymized Information indefinitely and for any legitimate purpose (and share it with third parties) without further notice to you nor the need to obtain your consent. Such uses and sharing include:
- for research or statistical purposes
- to tailor the experience of our Website and/or Services, help Saputo analyse interest in areas of the Website and the browsing patterns of its users in order to improve the content, operation and design of the Website and get data for statistical purposes to improve the Website and/or Services.
Sensitive Personal Information
Sensitive Personal Information is a type of particularly sensitive Personal Information that requires higher levels of protection. Depending on the jurisdiction, we need to have further justification for collecting, transferring, storing and/or otherwise using this type of Personal Information. We have safeguards in place which we are required by law to maintain when processing such data.
Apart from the types of Sensitive Personal Information that may be collected from you in accordance with this Policy, we do not knowingly collect any other such Sensitive Personal Information about you.
- How is your Personal Information collected?
We collect Personal Information about you from the following sources (please see section 1- Information gathered by Saputo above for an explanation of the different types of information included in the data categories mentioned below):
- From you. You may give us your Identity Data, Contact Data, Profile Data, Correspondence Data, Contest Data, Sales Data, Business Contact Data, Visitor Data, Health Data and Shareholder Data by corresponding with us, including by mail, telephone and e-mail or via a contact form or otherwise on the Website or a message on social media, by interacting with us as part of your job or through an interview process, by visiting the Website and/or by using Services or by entering into a contest we are holding.
- Third parties or publicly available sources. We may receive Personal Information about you from various third parties and public sources including:
- Identity Data, Contact Data, Profile Data and Health Data from third parties, such as a store from which you bought one of our products, if you ask for details of your complaint, query or feedback to be passed to us for investigation or resolution.
- Business Contact Data from your employer or another member of your organisation.
- Technical Data from analytics providers such as Google.
- Identity Data, Contact Data, Profile Data and Sales Data and from third parties, such as fraud prevention agencies who may gather information from publicly available sources including voting registers or from social media.
- Sales Data from third party payment providers such as banks and payment platforms.
- Automated technologies or interactions. Subject to your agreement, if you interact with our Website or social media pages, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Information by using cookies, server logs and other similar technologies. Please see section 7 – Cookies, web beacons and analytical services below for further details.
You may also be asked to provide Personal Information on our Website or when you otherwise use our Services or interact with us. Personal Information can be gathered when you fill out and send feedback forms or send e-mails to Saputo, or when you register for our press releases, newsletters, contests and/or publication list and/or when you communicate with us by means of the “Contact Us” tool.
If you fail to provide Personal Information
If you contact us with a complaint or request but refrain from providing certain Personal Information when requested, we may not be able to help you, investigate the issue raised or respond to or resolve your complaint or request. We will use reasonable efforts to notify you if this is the case.
- How is your Personal Information used?
We have set out below a description of all the ways we process your Personal Information, and which of the “legal bases” we rely on to do so (we are required by certain privacy laws, including the United Kingdom General Data Protection Regulation (“UK GDPR”), to always have a permitted reason or justification (called a “lawful basis”) for processing your Personal Information). In certain jurisdictions, including Canada, our main legal basis is your consent (which may be express or implied depending on the circumstances), except if a consent exception applies.
Legal basis for processing, including basis of legitimate interest
To enable us to investigate and deal with your complaint, question, feedback or compliment.
(a) Necessary to comply with a legal obligation
(c) Necessary for the performance of a contract
(e) Necessary for reasons of substantial public interest
To provide feedback to our business on the performance of our products and staff, and as needed to investigate any product issues.
(a) Necessary for our legitimate interests (e.g. for quality monitoring and product improvements, new product development and investigations and for customer service monitoring)
(d) Necessary for reasons of substantial public interest
To check for fraud or malicious or unfounded claims.
(a) Necessary for our legitimate interests (prevention of fraudulent claims)
To manage our relationship with you which may include:
(b) Notifying you about changes to our Policy if we choose to contact you directly in order to do so.
(a) Necessary to comply with a legal obligation
To administer and protect our business and the Website and the Services as applicable (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
(a) Necessary for our legitimate interests (e.g. for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
To use data analytics to improve our Website and Services (as applicable).
Necessary for our legitimate interests (e.g. to keep our Website and means of delivering Services updated and relevant)
To comply with our legal requirements.
Necessary to comply with a legal obligation
To deliver to you by e-mail or by post press releases and publications and to notify you of products or special offers that may be of interest to you.
(b) Necessary for our legitimate interests (e.g. to promote our business)
To Publish external facing materials for marketing and public relations purposes, such as where we mention individuals in our marketing materials, social media posts and press releases.
(a) Necessary for our legitimate interests (e.g. to promote our business)
(a) Necessary for our legitimate interests (e.g. prevention of misuse and to maintain security)
To run contests.
Necessary for our legitimate interests (e.g. to increase consumer engagement)
To enable people to visit our sites and premises.
(a) Necessary for our legitimate interests (e.g. to enable business to be conducted on our premises, to enable social/educational visits)
(b) Necessary to comply with a legal obligation
To maintain the security of our sites, premises and Services.
Necessary for our legitimate interests (e.g. keeping our sites and premises secure, keeping our staff and visitors safe and deterring and reporting criminal activity)
To conduct business with our customers/suppliers.
(a) Necessary for our legitimate interests (e.g. to enable us to purchase products and services required for the running of our business and to ensure that function is efficient; or to enable to sell products)
(b) Necessary to comply with a legal obligation
(c) Necessary for the performance of a contract
To make reasonable adjustments and accommodating for health/diet/religious requirements.
- How is your Personal Information disclosed?
We generally do not share Personal Information with any third parties, other than as necessary for third parties to perform services on behalf of Saputo. However, we may share personal information with third parties with your consent or where required or permitted by applicable law. The categories of third parties with whom we share Personal Information include the following:
- we hire third parties to provide limited services on our behalf website hosting, marketing, administering surveys, processing, mailing and delivering orders, and sending information about our products and services;
- professional advisers, including lawyers, auditors and insurers who provide ad hoc legal, auditing and insurance services;
- advisors and fraud prevention agencies to provide fraud detection services;
- courts, court-appointed persons/entities, receivers and liquidators;
- business partners and joint ventures;
- trade associations and professional bodies;
- governmental/state departments and agencies, anti-fraud organisations, statutory and regulatory bodies, including law enforcement bodies;
- if you opt in, to analytics and marketing service providers, as further detailed in section 7 – Cookies, web beacons and analytical services below; and
- banks and other financial services bodies.
However, such third parties are obligated to maintain the confidentiality of Personal Information (unless, for example, they have a legal obligation to share it) and are required to maintain appropriate security measures to protect Personal Information.
We may also share your Personal Information with other entities in our group of companies as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for our general business purposes, for authorisations/approvals with relevant decision makers, to enable other entities to provide support for our business tasks such as responding to queries, for system maintenance support and hosting of data and to provide legal and audit services.
We also reserve the right to share, assign, or transfer your Personal Information to any of our subsidiaries or other affiliates or to any successor in interest to our business by merger, sale of assets, reorganization, operation of law or otherwise.
Additionally, if you provide Saputo with content for publishing or feedback, we may publish your username, name and/or location.
- Transferring Personal Information to other jurisdictions
We and some of our third-party suppliers may transfer or process your Personal Information outside of your home jurisdiction to a location in the world that may not have privacy laws which meet the same standards as your local laws. To help ensure that your Personal Information receives an adequate level of protection, we have put in place the following measures to ensure that your Personal Information is treated by those third parties in a way that is consistent with and which respects our commonly adopted internal practices on data protection:
- where required, agreements/additional contractual clauses with the relevant counterparty as approved in accordance with the relevant data protection law to protect the Personal Information transferred outside your home jurisdiction; or
- we have ensured that an exemption/derogation from the usual restrictions is in place.
If you require further information about these protective measures, please contact us using the contact details at the end of this Policy.
- How long will you retain my Personal Information?
We will only retain your Personal Information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal or reporting requirements.
To determine the appropriate retention period for Personal Information, we consider several factors, including the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of the Personal Information, the purposes for which we process the Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
- Cookies, web beacons and analytical services
- Do Not Track
On our Websites, we have implemented a cookie “door” to ensure your cookie preferences and any preferences entered through our applications are honoured, and thus we do not sell or share or sell your personal information derived from cookies or applications for cross context behavioural advertising without your consent. We also have tools in place to detect and honour requests made using the Global Privacy Control (“GPC”) signal as requests to opt-out of the sharing of personal information to the extent required by applicable law. If you wish to manage your cookie preferences, please go to our Cookie Consent Manager or make a request using one of the methods outlined below under the Data Subject Rights heading.
- Other websites
- Security and Data Governance
Saputo takes appropriate measures to protect information from unauthorized access, collection, use, disclosure, copying, modification or disposal. While Saputo puts in place reasonable measures to protect information, we cannot guarantee at all times the security of such information. No method of transmitting or storing data is completely secure, particularly with regard to Internet applications. We recommend that you do not use unsecure channels to communicate Personal Information or confidential information to us.
Saputo also maintains policies and practices which ensure the protection of Personal Information. Depending on the volume and sensitivity of the information, the purposes for which it is used, and the format in which it is stored, we implement a combination of measures to protect Personal Information, including:
- Internal policies and procedures that define the roles and responsibilities of our employees throughout the information life cycle and limit their access to such information on a “need-to-know” basis;
- A designated privacy officer to monitor Saputo’s compliance with applicable data protection laws;
- Employee privacy and data security training;
- Procedures for receiving, investigating and responding to complaints or inquiries regarding Saputo’s information handling practices, including any security incidents involving Personal Information;
- Framework governing the retention and destruction of personal information, as more fully described in Section 6 - How long will you retain my Personal Information? of this Policy;
- Contractual protections and other measures to ensure that service providers with whom we share Personal Information maintain adequate privacy protections and standards.
Saputo also performs privacy impact assessments in certain circumstances if required by applicable privacy laws to ensure adequate mitigation measures are in place.
Saputo uses reasonable efforts to ensure that personal information in our possession is kept as accurate, complete and up to date as possible. We do not routinely update Personal Information, unless such an update is necessary. In order to help us maintain and ensure that your personal information is accurate and up to date, we ask you to inform us, without delay, of any change in the information you provide to us.
Unless expressly stated otherwise on any of our Websites, Saputo does not knowingly collect Personal Information from children under the age of 14 years old or prescribed under applicable local laws. Children are not permitted to use the Website and / or our Services, and Saputo requests that children do not submit any Personal Information to Saputo or the Website. If we learn we have collected or received Personal Information from a child, we will delete that information.
- Data Subject Rights
If you have requested to be on a mailing list and you wish to cancel that request, you can communicate with Saputo’s Communications Department by e-mail at firstname.lastname@example.org or, if it’s an e-mail mailing list, by clicking “unsubscribe” at the bottom of the e-mail.
Under certain circumstances and depending upon your jurisdiction, by law you may have the right to:
- Request access (or to know) to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you (as well as some related details) and to check that we are lawfully processing it.
- Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure or deletion of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to hold or otherwise process it. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Information for direct marketing purposes.
- Request the restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of Personal Information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request that we cease disseminating your Personal Information to the extent required by law.
- Request that we de-index any hyperlink attached to your name that provides access to Personal Information by a technological mean or de-index a link providing access to Personal Information, in each case to the extent required by law.
- Request the transfer of your Personal Information to another party.
- Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to help you, investigate the issue raised or respond to or resolve your complaint or query.
In some circumstances there may be specific legal reasons why we are not able to comply with your request to exercise your rights. Where this is the case, we will inform you of this.
If you wish to exercise any of the rights set out above, please contact:
6869 Métropolitain Blvd. East
Saint-Léonard QC H1P 1X8
You will not usually have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive subject to the applicable data privacy laws. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within a timely manner. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Depending on the country and local jurisdiction in which you are a resident, you may have the right to make a complaint at any time to your relevant Data Protection Authority. For example, in Québec it is the Commission d’accès à l’information and in the UK it is Information Commissioner’s Office (and if UK data protection law applies to you, you have a right to make a complaint with them). We would, however, appreciate the chance to deal with your concerns before you approach your relevant Authority, so please contact us in the first instance.
- Modifications to this Policy
Saputo reserves the rights to modify this Policy at any time without prior notice (although we may contact you to let you know of any changes). If we make material changes to the way in which we use Personal Information we collect, depending on the country and local jurisdiction in which you are a resident, we will use reasonable efforts to notify you (such as by emailing you at the last email address you provided us, by posting notice of such changes on the Website and/or Services, or by other means consistent with applicable law) and will take additional steps as required by applicable law. If you do not agree to any updates to this Policy please do not access or continue to use the Website and/or Services. We encourage you to review this Policy whenever you use the Website and/or Services, especially when you provide any Personal Information.
- Contact us
If you have any questions about this Policy or our practices or about Saputo’s handling of your information, you can contact us by e-mail at email@example.com. Please provide a sufficiently detailed question or description of your concern.
Last revised: November 9th , 2023