OSI Privacy Policy
Last Updated: June 17th, 2024
OSI Group and its U.S.-based affiliates, OSI Industries, LLC and Amick Farms, LLC (collectively “OSI” or “We”) respect your privacy and are committed to protecting it through our compliance with this Privacy Policy (“Privacy Policy”).
This Policy describes the types of personal information we may collect from you, how that information is collected, used, retained and protected, and how you may contact us if you have any questions or concerns.
- Information Collected
- Use of Information Collected
- Sharing and Transfer of Information
- Children’s Privacy
- Your Choices
- Retention and Security of Personal Information
- Links to Other Sites and Social Media
- Transfer of Personal Data Between Countries
- Changes to our Privacy Policy
- Transparency Document (Art. 13 and 14 GDPR)
- Data Privacy Frameworks
- Contact Us
This Privacy Policy may change from time to time (see Changes to our Privacy Policy below). Your continued use of the Site after we make changes constitutes your acceptance of those changes.
- Information Collected
o Information You Knowingly Provide.
We collect the information you knowingly provide to us, for example, when you submit an application for employment with us, fill in forms on our websites (collectively ‘Sites’), communicate with us via email addresses specified on our Sites, or when you contact us about our products or services. Such information may include your personal information. Personal information is any information by which you may be personally identified, such as your name, postal address, telephone number, email address, date of birth, Social Security Number, employment, financial or health information and any other information defined as personal or personally identifiable information under an applicable law.
o Information Automatically Collected Through Technologies.
We may use automated technology to collect information from your computer system or mobile device when you visit our facilities or use our Sites. Such information may include your operating system or browser type, screen resolution, language, city and country to create reports for system administration. We do not receive personally identifiable information from the use of automated technology.
Automated technology may include cookies, web beacons and similar tracking technologies. A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember and/or obtain information about the user. A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity. They are also sometimes referred to as pixels and tags.
o Information from Other Sources.
We may collect information about you from other companies and organizations. For example, we may need to obtain personal information about you from third parties in order to process your job applications. We may also collect information that is publicly available. For example, we may collect information about you when you interact with us through social media.
- Use of Information Collected
We may use information collected for purposes described in this Privacy Policy or as otherwise disclosed to you on our Sites or in connection with our business operations. For example, where permitted under applicable law, we may use the information that you provide or about you to:
o Provide and deliver products and services you request;
o Communicate with you regarding your orders, purchases, accounts, employment applications or promotions entries;
o Respond to your comments and questions and provide customer service;
o Operate and improve our Sites, products, and services;
o Protect against, identify and prevent fraud and other crime, claims and other liabilities;
o Comply with applicable law; and
o Any other purpose you have authorized.
- Sharing and Transfer of Information
We do not sell your personal information and only share your information as described in this Privacy Policy.
o OSI Group Family. We may share your information within the OSI Group family. The OSI Group family includes OSI, our subsidiaries and affiliates. Members of the OSI Group family who receive this information from us are not authorized to use or share the information, except as set out in this Privacy Policy.
o Third Party Vendors. We may share your information with vendors who provide services to us, such as fulfilling orders, providing data processing and other information technology services, auditing, compliance, and corporate governance functions.
o Legal Obligations and Rights. We may share your information in connection with: (i) the establishment, exercise, or defense of legal claims; (ii) to comply with laws or to respond to lawful requests and legal process; (iii) to protect the rights and property of OSI, our agents, customers, and others, including to enforce our agreements, policies, and terms of use; (iv) to detect, suppress, or prevent fraud; (v) an emergency to protect the personal safety of OSI, its customers, or any person; or (vi) as otherwise permitted by applicable law.
o Business Reorganization or Sale. We may, for strategic or other business reasons, decide to sell or transfer all or a portion of our business. As part of that sale or transfer, we may pass information we have collected and stored, including customer information, to anyone involved in the sale or transfer.
o We may share your information for any other purposes with your consent.
We may also share aggregated or anonymized information in a form that does not directly identify you.
OSI is a global company. Given the global nature of both the internet and OSI’s operation, using the internet to collect and process personal information may entail transmission of the information across country borders. By submitting your personal information to us via the Site, you agree that we may export your personal information to one or more of our offices in other countries and process it there in accordance with this Privacy Policy and the local applicable laws and regulations.
Except as provided herein, OSI does not sell, transfer or otherwise share your personal information with other third parties.
- Children’s Privacy
Our Sites are not intended for children under 13 years of age. We do not knowingly collect information from children under 13. If you believe that we might have any information from or about a child under 13, please contact our compliance representative listed below and we will use reasonable efforts to promptly delete the child’s information from our records.
- Your Choices
We do not share personal information with third parties for their own direct marketing purposes. You are in control of any personal information you provide to us. If at any time, you would like to access, correct or delete your personal information in our records, you may do so by contacting our compliance representative listed below. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Notice to California residents under 18 years of age
If you are a registered user of online services under the age of 18, and we have actual knowledge of your age, then under California law you may request and obtain removal of certain content or information you have posted on our online services. To do so, please contact us at the address, phone number or email address below. Please note that removal does not ensure complete or comprehensive removal of the content. For example, removal may not be possible or permitted if another provision of law requires the content to be maintained, if it was posted or reposted by others, or if we paid compensation to you in exchange for the posting.
- Retention and Security of Personal Information
OSI will retain your personal Information only for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws and your consent to such purpose remains valid after termination of our relationship with you.
We are committed to taking appropriate measures designed to keep your personal information secure. While we will take reasonable steps to safeguard your personal information against accidental, unlawful or unauthorized loss, access, use, alteration, disclosure or destruction, no website, mobile application, computer system, or transmission of information over the internet or any other public network can be guaranteed to be 100% secure.
We urge you to be careful online. This includes not sharing your user names and passwords. Any transmission of personal information by you through such mediums is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on those mediums.
- Links to Other Sites and Social Media
Please note that our Sites may contain links to third party websites for your convenience and information. OSI does not control or endorse those sites or their privacy practices, and this Privacy Policy does not apply to third party websites. We encourage you to review the privacy policy of those third party websites before providing your personal information to them.
- Transfer of Personal Data Between Countries
OSI is a global company. To make international communication possible, your personal data may be transferred to or accessed by entities around the world. OSI complies with laws on the transfer of personal data between countries to help ensure your data is protected, wherever it may be.
The OSI entity that controls your personal data may differ depending on where you live. For example, personal data from European OSI employees may be controlled by various OSI entities as reflected on their websites. If you do not reside in the U.S., your personal data may be processed by OSI Group, LLC on behalf of the OSI entity controlling personal data for your jurisdiction.
Personal data relating to individuals in the European Union, European Economic Area, the United Kingdom, and Switzerland may be controlled by OSI International Holding GmbH or OSI Foods GmbH & Co. KG. International transfer of personal data collected in the European Union, European Economic Area, the United Kingdom, and Switzerland is governed by Standard Contractual Clauses.
- Changes to our Privacy Policy
OSI reserves the right, at its discretion, to change, modify, add, or remove portions of this Privacy Policy from time to time. The date this Privacy Policy was last revised is identified at the top of the page. We encourage you to visit the Site and check this Privacy Policy periodically for any changes. Your continued use of the Site following the posting of changes to this Privacy Policy will confirm your acceptance of those changes.
- Transparency Document (Art. 13 and 14 GDPR)
Our Transparency Document with all information described by Art. 13 and 14 GDPR is available HERE.
- Data Privacy Frameworks
OSI Group, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OSI Group, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. OSI Group, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The other U.S. entities or U.S. subsidiaries of our organization that are also adhering to the EU-U.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Principles and that are covered are:
OSI Industries, LLC
Amick Farms, LLC
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, OSI Group, LLC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
The purpose of the processing of general personal data is the handling of all operations which concern the controller, customers, prospective customers, business partners or other contractual or pre-contractual relations between the named groups (in the broadest sense) or legal obligations of the controller, and to organize and provide business activities, business services and shared services to subsidiaries and employees working in group facilities and subsidiaries, including but not limited to HR and financial services, legal services, cybersecurity and IT security services, data hosting, application hosting, auditing, certification and other group related services, and to fulfill general business requirements.
The types of personal data processed by our organization are customer data, data of potential customers, data of employees and data of suppliers. This data may be transferred or disclosed, where required, to public authorities (e.g., invoices to tax authorities if required for tax purposes), external bodies (e.g., to all companies published on our website in the list of (sub) processors, recipients in third countries and international organizations), further external bodies (e.g., lawyers, advisors, auditors, data protection officer), and other bodies (that are not processors, such as shipping and transport companies, banks etc.) and are subject to internal processing (processed by employees of OSI Group LLC), and intragroup processing (processed by employees of subsidiaries of OSI Group LLC and joint ventures).
For applicant’s data, the purpose of data processing is to conduct an examination of the application during the recruitment process. For employee data, the purpose of data processing is the performance of the employment contract or compliance with other legal provisions applicable to the employment relationship (e.g., tax law) as well as the use of the personal data to carry out the employment contract concluded with the data subject (e.g., publication of the data subjects name and the contact information within the company or to customers). After termination of the employment relationship, the purpose of storing employee data is to fulfill the legal retention periods.
We offer you the opportunity to choose (opt out) whether your personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. The clear, conspicuous, and readily available mechanism to exercise your choice is to contact our Data Protection Officer (DPO) by email. We do not provide choice or are obliged to when disclosure is made to a third party that is acting as an agent or processor to perform tasks on behalf of us and under the instructions of us. However, we always enter into a contract with such agent or processor.
For sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), we obtain your affirmative express consent (opt in) if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by you through your exercise of opt-in choice. In addition, we treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.
We hereby inform you about the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
To transfer personal information to a third party acting as a controller, we comply with the Notice and Choice Principles. We also enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by you and that the recipient will provide the same level of protection as the DPF Principles and will notify us if it makes a determination that it can no longer meet this obligation. The contract provides that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
To transfer personal data to a third party acting as an agent or processor, we (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent or processor is obligated to provide at least the same level of privacy protection as is required by the DPF Principles; (iii) take reasonable and appropriate steps to ensure that the agent or processor effectively processes the personal information transferred in a manner consistent with our obligations under the DPF Principles; (iv) require the agent or processor to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the DPF Department upon request.
We hereby inform data subjects about the relevant European Data Protection Authorities designated to address complaints concerning our organization’s handling of personal data and that we provide appropriate recourse free of charge to the affected individual:
- The EU Lead Data Protection Supervisory Authority (responsible for EU/EEA Data Subjects) is: BayerischesLandesamtfür Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany.
- The Data Protection Authority of Switzerland (responsible for Data Subjects from Switzerland) is:EidgenössischerDatenschutz- und Öffentlichkeitsbeauftragter, Feldeggweg 1, 3003 Bern, Switzerland.
- The UK Data Protection Supervisory Authority (responsible for Data Subjects from the UK) is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.
We inform all data subjects that our organization is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Data subjects have the possibility, under certain conditions, to invoke binding arbitration. Our organisation is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that the data subject has invoked binding arbitration by delivering notice to our organization and following the procedures and subject to conditions set forth in Annex I of Principles. We hereby inform all data subjects about our organization’s liability in cases of onward transfers to third parties.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, OSI Group, LLC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
For any questions by data subjects or Data Protection Supervisory Authorities we designated the following local representatives:
Identity and contact details of the EU representative (Article 27 GDPR): Prof. Dr. h.c. Heiko Maniero, Franz-Joseph-Str. 11, 80801 München, Bayern, Germany, E-Mail: [email protected]
Identity and contact details of controller’s UK representative (Article 27 UK-GDPR): Prof. Dr. h.c. Heiko Maniero, 120 High Road, East Finchley, N2 9ED, London, England, United Kingdom, E-Mail: [email protected]
Identity and contact details of controller’s representative in Switzerland (Art. 14 FDPA): Prof. Dr. h.c. Heiko Maniero, c/o Cancellarius AG, Pflanzschulstrasse 3, 8400 Winterthur, Switzerland, E-Mail: [email protected]
All data subjects who are temporarily in the European Union (EU), the European Economic Area (EEA) or the United Kingdom, or who have their domicile or habitual residence there, are entitled to the rights and data subject rights which are published in our Transparency Document, which also arise from Articles 15 to 22 GDPR, including the right to access personal data. We have made this information available in all EU and EEA languages. The English language version applies to the United Kingdom.
All data subjects who are temporarily resident in Switzerland or have their domicile or habitual residence there are entitled to the rights and data subject rights under the Swiss Data Protection Act (DPA) and the Swiss Data Protection Regulation (DPR) which are published in our Transparency Document, including the right to access personal data. We have provided this information in the three official languages of Switzerland (German, Italian and French).
- Contact Us
OSI Group, LLC
Attn: Compliance Representative
1225 Corporate Boulevard
Aurora, IL 60505
USA
Fax: 630.851.0927
E-mail: [email protected]