Privacy and Cookie Policy

Cocoa Beans

Privacy and Cookie Policy

Barry Callebaut (“Barry Callebaut” or “we”) is committed to protecting your privacy. We handle personal data in compliance with the EU General Data Protection Regulation (GDPR) and all applicable local privacy laws in the countries where we operate. We strive to apply the highest data protection standards across our organization. This Privacy Policy explains how we collect, use, and safeguard personal information obtained through our websites, social media platforms and events for purposes such as marketing and lead qualification. We value transparency and fairness in processing your data, and we ensure that all personal data is processed lawfully, fairly, and in a transparent manner.

Who is the Data controller?

The data controller responsible for processing your personal data on this websites is Barry Callebaut AG, headquartered at Hardturmstrasse 181, 8005 Zurich, Switzerland. Barry Callebaut AG (together with its affiliates) determines the purposes and means of processing your personal data collected via this site. 

If you have any questions or requests regarding your personal data, you can contact us at the above address or through our websites’s contact page. We have appointed a Data Protection Officer (DPO) to oversee our data protection compliance. You may reach our DPO by emailing [email protected] or by writing to the postal address above (Attn: Data Protection Officer).

What do the processing and this privacy policy cover?

This Privacy Policy covers all personal data collected through Barry Callebaut’s websites and social media platforms in the context of marketing and lead qualification activities. In other words, it applies to information you provide or that we collect when you interact with our websites for business inquiries, marketing communications, and related purposes. This includes personal data submitted via website forms (e.g. contact forms, newsletter sign-ups, event registrations) and data gathered about your browsing on our site that we use to identify potential customers or engage with you about our products and services.

Please note that this policy specifically addresses website visitor data for marketing and lead management; it does not govern other types of data processing (such as employee data or data collected through other services or offline interactions) which may be covered by separate privacy notices.

What types of data do we collect and process?

We collect several types of personal data through our websites, including:

  • Contact information: For example, your name, email address, telephone number, job title, company name, and country/region. These details are typically collected when you fill out forms on our site (such as a “Contact Us” or download form).
  • Preferences and interests: Information you share about your product preferences, areas of interest, or communication preferences. For instance, you might let us know what products or solutions you are interested in, or whether you want to subscribe to our newsletters.
  • Business details: If you provide information related to your company or role (such as industry, company size, or purchasing needs) as part of an inquiry or lead form, we will collect that data to better qualify and understand your needs.
  • Website usage data: When you visit our site, we automatically collect certain data about your device and how you use the websites. This includes technical information like your Internet Protocol (IP) address, browser type and language, device identifiers, and the dates/times of access, as well as behavioral information such as the pages you view, links you click, and the path you take through our site . This usage data may be collected via cookies and similar tracking technologies (described in the Cookies section below).
  • Communications: If you correspond with us (for example, via email or chat from the websites), we may keep records of that correspondence, which could include personal contact details and the content of your communications.

We do not intentionally collect sensitive personal data (such as information about health, race, religion, or political opinions) through the marketing sections of our websites. We ask that you refrain from providing such sensitive information in any website forms. All personal data that you do choose to provide to us or that we collect about your website's activity will be handled in accordance with this Policy.

Why do we collect and process this data?

Barry Callebaut uses the personal data collected via the websites for the following marketing and lead management purposes:

  • Lead management and qualification: To follow up on your inquiries or requests and to identify potential business opportunities. For example, if you submit your contact details to download a whitepaper or request information about our products, we will use that data to contact you, understand your needs, and determine how our products or services could suit your business (this is often referred to as qualifying a sales lead).
  • Marketing communications: To send you information and updates about our products, services, promotions, or events. These communications may include newsletters, press releases, product announcements, event invitations, or other marketing emails. We will only send you such communications if you have opted in to receive them or if another legal basis applies (see 06. What are the legal basis for these processings?), and you can unsubscribe at any time.
  • Customer engagement and service: To personalize your experience and build our relationship with you. For instance, we may remember your preferences and interactions (such as which products you’ve shown interest in) so that our sales or customer service teams can provide more tailored responses. If you are an existing customer or become one, we may use your data to manage the account, provide support, and keep you updated about services or training that might benefit you.
  • Segmentation and analytics: To analyze our audience and improve our marketing strategy. We may group (segment) leads and customers based on characteristics like industry, location, or previous interactions. This helps us tailor our marketing efforts—for example, by sending relevant content to specific customer segments—and avoid sending irrelevant information. We also perform analytics on websites usage and campaign performance to understand what content is most useful to our visitors. By combining data you provide with information from cookies or other sources, we gain insights that help enhance our marketing and research activities .
  • Market research and development: To conduct internal research and develop our products and services. Personal data from the websites (especially aggregated data or feedback you provide) may be used to improve our offerings and inform our business strategy . For example, understanding which product pages are most visited can guide us in improving those products or how we present them.
  • Compliance and websites protection: (Limited to necessary situations) To ensure the security of our websites and comply with legal requirements. We might use personal data to prevent fraud, detect network and information security issues, or to comply with laws that apply to our online interactions. While this is not a marketing purpose per se, it’s an important aspect of running a websites and protecting user data.

We will not use your personal data for purposes that are incompatible with the above. If we plan to process your data for a new purpose that isn’t covered by this Policy, we will provide you with a new notice or request your consent as required.

What are the legal basis for these processings?

Our processing of personal data for the above purposes is justified under applicable data protection laws. Depending on the context, one or more of the following legal bases (as defined in GDPR and similar laws) will apply:

Legitimate interests: In many cases, we process your data because it is in our legitimate interests to do so as a commercial business.

These legitimate interests include responding to your inquiries, promoting and developing our products, and improving our websites and services. For example, if you drop your business card at a trade show or fill out a contact form, we have a legitimate interest in following up with you about our products. We only rely on this basis after considering your rights and ensuring that our data use is proportionate and would not be unexpected or intrusive. Direct marketing to our business contacts may be considered a legitimate interest (Recital 47 GDPR notes that processing personal data for direct marketing purposes may be regarded as carried out for a legitimate interest). You always have the right to object to marketing (see 09. What are your rights as a Data subject?), and we will honor any opt-out requests.

Consent: We rely on your consent in situations where consent is required or the most appropriate basis. For instance, if you are a new subscriber to our newsletter or if local law requires opt-in for email marketing, we will only send you promotional emails if you have given explicit consent (e.g., by ticking a sign-up box). Similarly, our use of non-essential cookies or similar tracking technologies is based on your consent, where required. You have the right to withdraw your consent at any time (with effect for the future), which will stop the relevant processing (see 11. Cookies and Tracking Technologies and 09. What are your rights as a Data subject? sections for how to adjust your preferences).

Contractual necessity: When you request something from us that requires processing of personal data as part of a contract or pre-contractual step, we process your data on the basis that it is necessary to fulfill that request or contract. For example, if you ask for a product sample, register for a webinar, or become a customer of Barry Callebaut, we will need to use your contact details and any relevant information to perform our agreement with you (providing the sample, the webinar access, or the products/services you purchased). If you refuse to provide necessary data in these cases, we may not be able to fulfill your request or enter into the contract with you.

Legal obligation: In some situations, we may need to process or retain your data to comply with a legal obligation. For example, if you become a customer, we may need to keep certain records for accounting and tax law purposes, or to comply with export regulations. We typically will cite this basis when a law requires us to collect or keep information (e.g., record-keeping for transactions, honoring opt-out lists to comply with anti-spam laws, etc.). While this is not a primary basis for our marketing activities, we mention it for completeness.

We always ensure that we have a valid legal basis to process your personal data. If multiple bases apply, we may rely on different ones for different aspects of the processing. If you have questions about the specific legal basis for a particular processing activity, feel free to contact us for more information.

How long do we retain your personal information?

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, and in accordance with applicable laws and corporate policies. Retention periods may vary depending on the type of data and the context in which it was collected (lead vs. customer, etc.). Below is an overview of our retention approach for marketing and lead data:

Inactive Leads: If you have not yet become a customer and we collected your data as a marketing lead (for example, you contacted us for information but did not engage in further business), we will not keep your data indefinitely. We generally retain lead data for up to 2 years from the date of last interaction. If we have reached out to you and you have not responded, or there has been no other activity for a year, we will either archive your personal data or anonymize it. “Archiving” means we remove your data from our active systems; we may keep it in a suppressed list to ensure we respect your preferences (for instance, to avoid contacting you again if you chose not to be contacted). Anonymizing means we transform the data so it no longer can be used to identify you. This two-year period is a typical timeframe to determine that a lead has gone cold/inactive.

Customers and ongoing relationships: If you become a customer of Barry Callebaut or otherwise enter into a business relationship with us, we will retain your personal data for the duration of our relationship and afterward for as long as is necessary and relevant. Once the active relationship ends, we typically retain customer-related data for approximately 5 to 10 years. The exact duration may depend on the nature of the data and local legal requirements. For example, contract information and invoices may be kept for a certain number of years as required by commercial and finance laws (often 5-7 years, and in some jurisdictions up to 10 years). We keep this data to support warranty or service obligations, handle any post-sales inquiries, maintain business records, and comply with legal retention obligations. After the applicable retention period, we will either securely delete the data or anonymize it so it can no longer be linked to you.

Prospective and active communication: If you have opted in to receive marketing communications (e.g., newsletters) without becoming a customer yet, we will retain the necessary contact details until you unsubscribe or until we determine that our communications are consistently inactive (such as if emails bounce or remain unopened for a long time). We may periodically cleanse our mailing lists to remove contacts that are unresponsive over a significant period, in line with good email practices.

Legal requirements and disputes: In all cases, we may retain information for a longer period if required to meet legal obligations or if necessary to resolve disputes, enforce our agreements, or protect our legal rights. For example, if a law requires us to keep certain data for a minimum period, we will respect that. Similarly, if there’s an ongoing dispute or investigation, we will retain relevant data until it is resolved. During such extended retention, we will restrict access to the data to only those who need it for the specified legal purposes.

After the expiration of the retention period, or once the data is no longer needed even within that period, we ensure it is securely deleted or rendered anonymous. If data is anonymized, it is no longer personal data and we may use it for analytics or statistical purposes. We continuously review the data we hold and erase or anonymize personal data that is no longer necessary.

Data transfers and third Parties

Barry Callebaut does not sell your personal information. However, we do share personal data with certain third parties and transfer data to other jurisdictions in the course of our business. We take care to do this in a secure manner and in compliance with data protection laws. Below we explain who may receive your data and how we protect your data when it travels globally.

1. With whom do we share your data?

- Within the Barry Callebaut Group: We may share your personal data with other companies in the Barry Callebaut corporate group (such as our affiliates, subsidiaries, and parent company) if necessary for the purposes described in this Policy . For example, if you are located in a different country, your inquiry may be forwarded to the Barry Callebaut sales team or distributor in your region to better serve you. All our group companies are required to handle your data in accordance with this Privacy Policy and our internal data protection standards.

- Service Providers (Processors): We use trusted third-party service providers to support our websites and marketing operations. These include services like websites hosting, customer relationship management (CRM) platforms, email marketing tools, analytics providers, and event management services. When these providers process personal data on our behalf (and not for their own purposes), they act as “data processors” under the law. We only share the data that is necessary for them to perform their services, and we ensure there is a contract in place that obligates them to protect your data. For example, if we use an email broadcasting service to send out newsletters, that provider will have access to your email address for the purpose of sending our emails, but they are not allowed to use your information for anything else. They must also keep it confidential and secure.

- Business partners and distributors: In some cases, we might share your information with our official distributors, agents, or business partners. For instance, if you inquire about a product that we sell through a local distributor in your country, we may pass along your details to that distributor so they can contact you to fulfill your request. Similarly, if we co-sponsor an event or initiative with another organization (such as a chocolate industry conference), and you sign up, we might share attendee information with the co-organizer for logistical and networking purposes. We will only do this with partners that are bound to use your data solely for the intended purpose and to treat it with confidentiality .

- Legal and safety disclosures: We may disclose personal data to third parties if we believe in good faith that such disclosure is necessary to (a) comply with a legal obligation or request (for example, a court order, subpoena, or government inquiry), (b) enforce our websites terms of use or other agreements, or (c) protect the rights, property, or safety of Barry Callebaut, our employees, our users, or others. This could include sharing information with law enforcement or regulators, or with external advisors (like attorneys or auditors) as required. We will ensure any request is valid and only provide the minimum data necessary.

- Corporate transactions: Although not common, if Barry Callebaut undergoes a business transaction such as a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the acquiring or merging entity as part of the transaction. If this happens, we will ensure your data remains protected by this Privacy Policy (unless, and until, it is superseded by a new privacy policy following the transaction, at which point you would be informed of the changes).

A list of our providers and third parties can be requested by sending an email to [email protected] 

 

2. Do we transfer your data internationally?

Barry Callebaut is a global company headquartered in Switzerland and operating in many countries. As a result, the personal data we collect may be transferred and stored across international borders. For example, data collected from the EU or UK may be transferred to our servers or offices in Switzerland or other countries, and vice versa. When transferring personal data internationally, we take extra precautions to ensure that your data remains protected to the standard required by the GDPR and relevant laws, regardless of where it is processed.

  • Adequacy decisions: We will, where possible, transfer personal data only to countries that have been officially deemed to have an “adequate” level of data protection by the European Commission or other relevant authorities. An adequacy decision means the country’s laws are considered essentially equivalent to EU data protection standards, so data can flow freely. For instance, the EU has recognized countries like Switzerland, Canada (commercial organizations), Japan, and others as providing adequate protection. If your data is transferred to one of these jurisdictions, it enjoys a level of protection deemed comparable to EU law.
  • Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision (for example, a transfer from the EU to the United States or to an Asian country that hasn’t been declared adequate), we put in place European Commission-approved Standard Contractual Clauses as part of our contract with the data importer . SCCs are legal clauses that bind the recipient of the data to protect it according to EU privacy standards, even in a country that lacks such laws. They provide a mechanism to safeguard personal data internationally. Practically, this means if your data is handled by, say, a U.S.-based service provider, we will have an agreement in place with them with these clauses obligating them to protect your data.
  • Binding Corporate Rules (BCRs): In cases of transfers within the Barry Callebaut group, we either use SCCs or, if available in the future, Binding Corporate Rules. BCRs are internal policies adhered to by all members of a corporate group which have been approved by EU data protection authorities, allowing intra-group transfers of personal data at a high protection level. As of now, Barry Callebaut ensures intra-group data transfers are protected via agreements; we will update this Policy if we implement BCRs or similar group-wide measures officially.
  • Other safeguards: In specific cases, we may rely on additional safeguards or derogations permitted by law. For example, if you explicitly consent to an international transfer after being informed of possible risks, or if a transfer is necessary for the performance of a contract with you (such as booking a training session in another country at your request), we will ensure any such transfer is lawful. These cases are limited and we will always prioritize structured mechanisms like SCCs or adequacy when possible.

No matter where your personal data is processed, we enforce privacy protections as described in this Policy. All third parties handling personal data on our behalf must adhere to comparable privacy and security standards, either through contract or through certifications/frameworks (such as Privacy Shield’s successors or other government-approved frameworks, where applicable). We also continuously monitor the legal landscape for international transfers (for example, evolving requirements post-Schrems II decision) and will adjust our practices to remain compliant. If you have questions about a specific transfer or the safeguards in place, you can contact our DPO for more information.

3. How do we ensure the security and confidentiality of your personal information?

We take the security of your personal data very seriously. Barry Callebaut has implemented a variety of technical and organizational measures to prevent unauthorized access, loss, misuse, or alteration of your data. These measures are continuously reviewed and updated to match industry best practices and emerging threats. Key security practices include:

  • Encryption: We use encryption technology to protect personal data. For example, our websites are secured with SSL/TLS encryption (you’ll notice the padlock in your browser address bar when visiting our site), which protects data during transmission by scrambling it so that it cannot be read by eavesdroppers . Sensitive information is also encrypted at rest in our databases or systems whenever feasible, adding an extra layer of protection in case of any unauthorized access.
  • Access control and confidentiality: We restrict access to personal data strictly on a need-to-know basis . This means only authorized Barry Callebaut personnel (or authorized personnel of our processors) who require your information to perform their job (for example, responding to an inquiry or sending a newsletter) are able to access it. We have defined user roles and permissions in our systems (role-based access control) to ensure that people only see the data necessary for their duties. All employees receive training on data protection and are bound by confidentiality obligations, so they understand the importance of safeguarding personal data.
  • Security procedures and policies: We maintain comprehensive security policies governing how personal data must be handled and protected. This covers everything from using strong passwords and multi-factor authentication, to secure configurations of our IT infrastructure, to rules about using and sharing data. We regularly review these policies and update them as needed. We also have incident response plans in place so that if a security issue or breach were to occur, we can react swiftly to contain and remediate it.
  • Network and system security: Our IT environment employs modern security tools such as firewalls, intrusion detection/prevention systems, anti-virus/anti-malware software, and monitoring systems to guard against external attacks . We keep our software and systems up-to-date with security patches (patch management) to reduce vulnerabilities. Our data centers and cloud services utilize robust security measures and are often certified to standards like ISO 27001 or SOC 2 (which are frameworks for information security management), ensuring a high level of data protection.
  • Audits and assessments: We conduct regular audits, tests, and assessments of our security measures and compliance procedures. This can include internal audits, external security assessments, and penetration testing of our websites. We also review our vendors’ security practices (through questionnaires or compliance certifications) to ensure they meet our standards. Compliance with data protection and security requirements is monitored on an ongoing basis, and we actively address any areas for improvement that are identified.
  • Data minimization and pseudonymization: Wherever possible, we follow the principle of data minimization — collecting and retaining only the personal data that is relevant and necessary for the stated purposes. In some cases, we may pseudonymize data (replace identifying fields with artificial identifiers) or anonymize it if full details are not needed, especially when using data for analytics. This reduces the risk to your privacy in the event of any issue.
  • Physical security: In our offices and data centers, we also employ physical security controls. Personal data on paper (if any) is stored securely, and our facilities have access controls (like keycards or biometric access, surveillance cameras, etc.) to prevent unauthorized entry.

While we strive to protect your information, no system can be 100% secure. However, we have invested in and continue to upgrade our protections to keep pace with security best practices. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the appropriate authorities as required by law. We also encourage you to play a part in security: for example, if you create an account on our websites, choose a strong password and keep it confidential. If you suspect any unauthorized access or have questions about our data security, please contact us immediately.

What are your rights as a Data subject?

As a data subject (an individual whose personal data we process), you have specific rights under GDPR and other privacy laws. Barry Callebaut is committed to honoring these rights. Below we outline your rights and how you can exercise them:

  • Right to access: You have the right to request confirmation of whether we are processing your personal data, and if so, to access that data. This is often called a Subject Access Request. Upon request, we will provide you with a copy of the personal data we hold about you, along with information about how we use it . This allows you to verify that we are handling your data in accordance with the law.
  • Right to rectification: If you believe that any personal data we have about you is incorrect or incomplete, you have the right to request that we correct (rectify) or update it. For example, if your name is misspelled in our records or you change your email address, you can ask us to fix it. We strive to keep our data accurate and will make the corrections as soon as possible upon your request.
  • Right to erasure: You have the right to request deletion of your personal data in certain circumstances – this is also known as the “right to be forgotten.” You can request erasure, for instance, if the data is no longer necessary for the purposes it was collected, if you have withdrawn your consent (and no other legal basis exists), or if you object to processing and we have no overriding legitimate grounds to continue . If we have unlawfully processed your data or are required to delete it to comply with a legal obligation, you can also exercise this right. When we receive a valid erasure request, we will remove or anonymize your data (unless an exemption applies). Please note that this right is not absolute – sometimes we must retain certain information (e.g., for legal compliance), but we will inform you if that is the case.
  • Right to restrict processing: In certain situations, you can ask us to restrict or “pause” the processing of your data. This means we would store your data but temporarily refrain from using it. You might request restriction if you contest the accuracy of the data (while we verify it), or if you have objected to processing (while we consider your objection request), or if processing is unlawful but you prefer restriction over deletion. When processing is restricted, we will clearly mark the data and only process it for specific reasons (for example, to establish legal claims or with your consent).
  • Right to object: You have the right to object to our processing of your personal data when such processing is based on legitimate interests, including profiling on that basis. You also have an absolute right to object to direct marketing at any time . This means if you no longer want to receive marketing emails or calls, you can inform us and we will stop using your data for those purposes. If you object to processing based on other legitimate interests, we will review your request and stop processing the data unless we have compelling legitimate grounds that override your interests or the processing is needed for legal claims. Objections to marketing, however, will always be honored – we will cease marketing processing promptly after receiving your objection.
  • Right to data portability: This right allows you to receive certain personal data from us in a structured, commonly used, machine-readable format, and/or to request that we transmit it to another data controller. It applies to personal data that you have provided to us, and that we process by automated means based on your consent or on a contract with you. For example, if you provided us with data and want to transfer it to a different service provider, we will, where feasible, help transmit your data in a safe way. Note that data portability does not apply to data we create (like internal analysis) or to processing based on legitimate interests.
  • Right to withdraw consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of any processing done before you withdrew, but it means we will stop the consent-based processing going forward. For example, if you consented to receive our newsletter, you can opt out later (withdraw consent) and we will stop sending it. Withdrawing consent is as easy as giving it – for emails, you can click the “unsubscribe” link; for other consents, you can contact us using the methods below. We do not penalize anyone for withdrawing consent.
  • Right to lodge a complaint: If you believe your data protection rights have been violated or that we have not handled your personal data lawfully, you have the right to file a complaint with a supervisory authority (such as a Data Protection Authority in your country). For EU residents, this is typically the authority in the country of your habitual residence or where the alleged infringement occurred. We would appreciate the chance to address your concerns directly before you approach a regulator, so we encourage you to contact us first, but you are free to seek assistance from authorities at any time.

How can you exercise your rights?

You can exercise any of your rights by contacting us through the contact information provided in this Policy. The easiest way is to email our Data Protection Officer at [email protected] with your request, or you may use the contact form on our websites (and mention it is a privacy request). To ensure we are dealing with the correct person, we may need to verify your identity before fulfilling your request (this is to protect your privacy by making sure someone else isn’t impersonating you). 

Verification might involve answering a few questions or providing a form of identification. We will respond to your request as soon as possible and at the latest within the timeframes set by law (under GDPR, typically within one month). If for some reason we cannot fulfill your request (for example, if an exemption applies or we need to retain data for legal reasons), we will explain the reason to you.

Exercising your rights is free of charge. However, if a request is manifestly unfounded or excessive (for instance, repetitive requests without good reason), we may either charge a reasonable fee or refuse to act on it – but we will provide you with an explanation in such cases. We want to assure you that your rights are important to us, and we have processes in place to make sure we handle requests properly. If you have any questions about your rights or how to exercise them, please do not hesitate to contact us for assistance.

Cookies and Tracking Technologies

Our websites uses cookies and similar tracking technologies to provide a smooth user experience and to help us understand how our site is used . This section explains what these technologies are and how we use them.

1. What are Cookies?

Cookies are small text files that are placed on your computer or device when you visit a websites. They are widely used to make websites work efficiently and to collect information about your online preferences. When you return to a site, or visit other websites that use the same cookies, those websites can read the cookie and recognize your browser. Cookies serve various functions: they can remember your login, keep track of your preferences (such as language or region), and help us analyze how well our site is performing. In addition to cookies, we may use related technologies like web beacons (tiny graphics embedded on pages or emails that indicate if an email was opened or a page was viewed) and mobile ad identifiers (for apps, though currently our focus is on the websites). For simplicity, we refer to all these as “cookies and tracking technologies.”

2. How do we use Cookies:

Barry Callebaut uses cookies to improve your browsing experience and to support our marketing efforts. Some cookies are necessary for the websites to function – for example, to enable navigation and basic features. Other cookies are not strictly necessary but are very helpful to us:

  • We use functional cookies to remember choices you make on our site (such as your preferred language or region, or items you might place in a cart on some sites) so that we can personalize content for you.
  • We use analytics cookies (e.g., Google Analytics or similar tools) to collect information about how visitors use our site. This data is aggregated and helps us understand things like which pages are most popular, how users move through the site, and if they encounter errors. The analytics cookies provide us with statistics that we use to improve our content and websites performance. For example, we might learn that many users visit a particular product page but leave quickly; this could indicate we need to improve that page.
  • We may use advertising or targeting cookies to track your browsing habits and activity across our site (and possibly other sites, if third-party cookies are involved) in order to show you relevant Barry Callebaut advertisements on other platforms. For instance, if you visited our site and showed interest in a specific product, you might later see an advertisement for that product on LinkedIn or another site – this is sometimes called retargeting. These cookies also help us measure the effectiveness of our ad campaigns (e.g., whether someone who saw an ad later visited our site).
  • We use social media plugins or cookies if you interact with social sharing buttons (like LinkedIn, Twitter, or Facebook share buttons) on our site. These plugins may set cookies that can identify you if you are logged into the respective social network, but those are controlled by the third-party social platforms.

The data we collect through cookies may include your device’s IP address, browser type, browsing actions, and general location (country or city level). We may link this data with the personal information you provide us (if you have given us identifiable information like your name or email) to create a more personalized experience. For example, if we know you by name from a form submission and we also see via cookies that you visited certain pages, we might use that combined information to determine what product you’re interested in and have a sales representative follow up with relevant information. However, we use such combined data internally and do not share your identifiable browsing data with third-party advertisers without your consent.

3. Cookie Consent and Management:

Because your privacy is important, we operate our cookies in compliance with applicable laws, which means: for cookies that are not strictly necessary, we will ask for your consent before placing them on your device. When you first visit our websites (and periodically thereafter), you will see a cookie banner or pop-up that informs you about our use of cookies and asks you to consent or manage your preferences. You can choose to accept all cookies, reject non-essential cookies, or customize your choices (e.g., only allow certain categories). Even after you’ve made your initial choices, you can always change your cookie settings. We maintain a Cookie Settings page (accessible via the websites footer) where you can adjust your preferences at any time .

If you prefer, you can also control cookies through your web browser settings. Most browsers allow you to see what cookies you have and delete them on a one-by-one basis, block third-party cookies (or all cookies), or receive a warning before a cookie is stored. Please note, however, that if you disable all cookies (including necessary ones) via your browser, some parts of our site might not function properly. For example, you might not be able to log in to certain sections or the site might not remember your language preference . Therefore, we recommend not blocking all cookies. Instead, use our cookie management tool to disable the categories you’re not comfortable with.

4. Third-Party and Analytics Cookies:

We use third-party service providers for analytics and advertising. These providers may set their own cookies (third-party cookies) on our site. For instance, as mentioned, we might use Google Analytics – Google will set cookies to collect usage information and compile reports for us. We have configured such services in a privacy-friendly manner as much as possible (for example, we may anonymize IP addresses in Google Analytics so that you are not identified). Still, any data collected by third-party cookies could be processed by the third-party (like Google) for their own purposes. We provide information about the key third-party cookies in our detailed Cookie Policy or Cookie Settings page. Additionally, some content on our site might be from external services (like an embedded video from YouTube or a social media feed), which can set their own cookies. We do not have direct control over those; however, you can block them by refusing third-party cookies via our cookie settings.

5. Do-Not-Track Signals: 

Our websites currently does not respond to “Do Not Track” (DNT) signals from browsers, due to the lack of an industry standard for such signals . If a standard for DNT is established in the future, we will revisit our policy on this. In the meantime, using our cookie consent tool is the best way to manage tracking on our site.

For more detailed information about the specific cookies we use and their purposes, please see our separate Cookie Policy or the Cookie Settings page on our websites. By using our site with cookies enabled, you consent to the use of cookies as described above. If you have questions about our use of cookies or other tracking technologies, feel free to contact us.

Changes to the Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, to keep up with new legal requirements, or for other operational reasons. Barry Callebaut reserves the right to amend this Policy at any time, and any changes will be effective when we post the revised Policy on our websites . If we make significant changes, we will provide a prominent notice on our websites or notify you via email or other means, where appropriate, so that you are aware of the updates. However, we encourage you to review this Policy periodically to stay informed about how we are protecting your information. The “last updated” date at the end of this Policy will indicate when the latest changes were made.

Your continued use of our websites after any modifications to the Privacy Policy have been posted will signify your acceptance of those changes, to the extent permitted by law. If you do not agree with any aspect of an updated Policy, you have the right to stop using the websites or object as permitted by law, and of course, you may also exercise any of your data subject rights (as described above). We will not reduce your rights under this Privacy Policy without your explicit consent. Any changes we make will comply with applicable privacy laws.

For historical reference or your convenience, we may keep prior versions of this Policy accessible (or you can request them from us) so you can see how the Policy has evolved. If you have any questions or concerns about the Privacy Policy changes, please contact us via the contact information provided in the relevant sections above.

 

Previous Privacy policy can be found here:

Contact Us

If you have any questions about this Privacy Policy or about how Barry Callebaut handles your personal data, please do not hesitate to contact us. You can reach our privacy team and Data Protection Officer at [email protected], or send correspondence to: 

Barry Callebaut AG, Attn: Data Protection Officer, Hardturmstrasse 181, 8005 Zurich, Switzerland

We are here to help and will gladly address any concerns or clarify any ambiguities you may have regarding your privacy. Thank you for taking the time to read our Privacy Policy.