Online Privacy Statement Natra België (ENG)




Last review date: 31/10/2018


  1. Who does this privacy statement apply to?


1.1          This Privacy Statement applies to the following Belgian companies of the Natra group (jointly: “Natra Belgium” or “We”):

Natra Malle nv Nijverheidsstraat 13, 2390 Malle Company number: 0417.570.350
Natra Chocolate Belgium nv Nijverheidsstraat 13, 2390 Malle Company number: 0523.950.745
Natrajacali nv Brugsesteenweg 95, 8450 Bredene Company number: 0433.882.879

1.2          The Natra-group is a leading international food company specialized in the production and distribution of cocoa-derived products and chocolate products. The Natra-group consists of several related companies that may process personal data.

An overview of the companies belonging to the Natra group can be found on the website of the group:

1.3          All Belgian Companies of the Natra-group are separate and independent legal entities. Depending on the processing activity in the context of which personal data are processed, they may be qualified as a separate data controller or a joint controller with each other or one or more of the other Natra group Companies.

1.4          With this Privacy Statement we would like to inform you about why and how we process your personal data when we perform our business activities, who we give that information to, what your rights are and who you can contact for more information or queries.

This Privacy Statement focuses on all persons whose personal data we process in the framework of our business activities, such as – but not limited to – (contact persons of) suppliers, (potential) customers, visitors, business contacts etc.

If you would like to obtain more information on the privacy policy of the whole Natra-group, please click this link:

1.5          We are committed to protect the personal data that are submitted to us and to process these data in an open and transparent manner, in particular with respect of the General Data Protection Regulation 2016/679 of 27 April 2016 (“GDPR”).

Please follow the links below for further information.

For which purposes do we process personal data?

Based on which legal grounds do we process your personal data?

            What are your rights?

How do we obtain personal data?

Which personal data do we collect?

To whom can your personal data be disclosed?

Are your personal data protected?

How long are your personal data retained?

Are your personal data used for automated decision making?

How to contact us?

Changes to this Privacy Statement


2.1          We only process your personal data for legitimate business reasons. These purposes include, but are not limited to:


  • customer and supplier management;
  • order and supply management;
  • invoicing and accounting;
  • supply chain management;
  • the provision of information on our company, products, services and special offers;
  • the good organisation of our services;
  • sales;
  • dealing with enquiries, requests and complaints;
  • dispute management;
  • public relations;
  • statistics and market research;
  • security;
  • quality management;
  • ICT-management;
  • access control;
  • logistics;
  • compliance with our legal obligations (e.g. related to food safety).



3.1          We can process your personal data for the purposes mentioned above:

  • when necessary to conclude and perform contracts to which you are party, including (but not limited to) accounting, invoicing and deliveries;
  • when necessary to comply with legal obligations (e.g. related to food safety);
  • for the purposes of the legitimate interests of the Company and/or of a third party, including (but not limited to) our business activities, customer and supplier management after having determined the balance of interests. If you would like more information about this, you can always contact us.


3.1.1      If we have the legal obligation to obtain your free, informed, specific and unambiguous consent to process your personal data for certain purposes, we will only process your data for such purposes to the extent that we have obtained such consent from you.



4.1          You have several rights concerning the information we hold about you. We would like to inform you that you have the right to:

  • obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
  • ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
  • ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data if you believe that there is no (longer a) lawful ground for us to process it;
  • withdraw consent to our processing of your personal data (to the extent such processing is based on consent);
  • receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);
  • object to our processing of your personal data for which we use legitimate interest as a legal basis, in which case we will cease the processing unless we have compelling legitimate grounds for the processing.

4.2          In order to exercise any of your rights, you can:

  • send an e-mail to
  • address a written request to Karen Hendrickx, Nijverheidsstraat 13 2390 Malle

You may also use these contact details if you wish to make a complaint relating tot he processing of personal data.

4.3          If you are unhappy with the way we have processed your personal data, you have the right to file a complaint with the Data Protection Authority (“DPA”) of the member state you usually reside in.



5.1          We may obtain your personal data in the framework of the execution of our business activities.

5.2          We may obtain such personal data because you give them to us (e.g. by contacting us etc.), because others give them to us (e.g. third party service providers that we use in the framework of our business activities or your employer) or because they are publicly available.

We may also obtain personal data by the way you interact with us.

5.3          When we obtain personal data from external parties, we make reasonable efforts to enter into contractual clauses with these parties obliging them to respect the data protection legislation. This can be done by obliging this party to provide you with all necessary information or – if necessary – to obtain your consent for processing the personal data as described in this Privacy Statement.




6.1          The personal data we collect may include:

  • standard identification- and contact data (e.g. name, address (private/work), telephone number (private/work), e-mail address (private/work));
  • identification data generated by the company (e.g. a personal number);
  • electronic identification data (e.g. IP-addressees, browser type etc.);
  • personal characteristics (e.g. age, gender, date of birth, place of birth, nationality, language …);
  • financial specifics (e.g. bank account number, credit worthiness …);
  • life style and social circumstances;
  • family circumstances (e.g. marital status …);
  • employment and educational data (e.g. the organisation you work for, your job title, training, …);
  • the information you provided to us through all possible service and communication channels;
  • data on how you use our products and services;
  • data you provide us when you show an interest in our products and services;
  • data related to your visits to one of our sites;
  • camera images;
  • data about how you interact with us and other similar information (e.g. reports on customer visits).




7.1          We may disclose your personal data to each other, to affiliated companies of the Natra-group or to third parties that reasonably require access to personal data relating to you for one or more of the purposes outlined above. The following external parties may for instance be involved:

  • external service providers we rely on for various business services;
  • law enforcement and government authorities in accordance with the relevant legislation;
  • external professional advisors (e.g. attorneys or consultants).


7.2          We don’t disclose your personal data to parties who are located outside the European Economic Area of which the legislation doesn’t offer the same level of data protection.



8.1          We employ strict technical and organizational (security) measures to protect your information from access by unauthorised persons and against unlawful processing, abuse, accidental loss, destruction and damage.

8.2          These measures include among other things:

  • training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
  • administrative and technical controls to restrict access to personal data to what is strictly necessary;
  • technological security measures, including camera surveillance, network security, passwords, fire walls, anti-virus software and encryption;
  • physical security measures, such as locked cupboards.


8.3          Although we use appropriate security measures once we have received your personal data, the transmission of data – especially over the internet (including by e-mail) – is never completely secure. We endeavour to protect personal data, but we cannot completely guarantee the security of data transmitted to us or by us.

We limit access to your personal information to those who we believe reasonably need to come into contact with that information in order to carry out their jobs.



9.1          Your personal data will not be retained longer than necessary for the purposes described above.

9.2          As a general rule, records in the framework of our business activities that may contain personal data (e.g. contracts, orders, complaints, correspondence etc.) are stored for a period of 10 years.

Depending on the specific situation and the applicable national legislation, we may however retain your personal data for a longer period. This will in particular be the case if any of the following periods is longer: (i) as long as is necessary for the related activity or service; (ii) any retention period that is required by law; or (iii) the end of the period in which litigation might arise.

9.2.1      Camera images are kept for 30 days unless a breach is found on them. In this case we keep the images for as long as needed related to a possible claim or legal procedure.


10.1       Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.

10.2       As a rule, your personal data will not be used for automated decision-making. We do not base any decisions about you solely on automated processing of your personal data.



11.1       If you have any further queries about this Privacy Statement and the Sites in general, you can contact us by:

  • sending an e-mail to
  • addressing a written request to Karen Hendrickx, Nijverheidsstraat 13 2390 Malle



12.1       We may modify this Privacy Statement from time to time.  To let you know when we make changes to this Privacy Statement, we will amend the revision date at the top of this page. The modified Privacy Statement will apply from that revision date.

Please check this page periodically to see changes and additions.