Privacy Shield Policy

This Privacy Shield Policy (this "Policy") applies to personal information transferred to Driscoll's, Inc. ("Driscoll's," "our," or "us") in the United States from organizations subject to data protection law in the European Economic Area (EEA) (which includes the member states of the European Union (EU) plus Iceland, Liechtenstein and Norway). This Policy sets out our practices for collecting, using, maintaining, protecting and disclosing that personal information. Please see our Privacy Policy for an explanation of how we collect, use, store, and disclose information about visitors to our websites.
 
DEFINITIONS
For purposes of this Policy, the following definitions shall apply:
 
Agent” means any third party that collects or uses personal information under the instructions of, and solely for, Driscoll's or to which Driscoll's discloses personal information for use on Driscoll's behalf.
 
Driscoll’s” means Driscoll’s, Inc. and Driscoll International, Inc., and any predecessors and successors in the United States.
 
Personal information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.  Personal information does not include information that is anonymized or aggregated.
 
Sensitive information” means any personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information that concerns health or sex life, and information about criminal or administrative proceedings and sanctions.

 

EU-U.S. PRIVACY SHIELD PRINCIPLES
 
Driscoll's participates in and complies with the EU-U.S. Privacy Shield Framework ("Privacy Shield") as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from organizations subject to data protection law in the EEA to the United States. Driscoll's has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Driscoll's' certification, please visit

https://www.privacyshield.gov/.

Notice
Driscoll's receives personal information about individuals in the EEA from Driscoll's' suppliers and customers. This personal information may include basic contact information such as name and email address and in the case of suppliers additional contact details and billing information. Driscoll's uses this information to provide its berries, recipes, and other products and services to its customers. Driscoll's also receives personal information about employees of, and applicants seeking employment with, Driscoll's EU-based subsidiaries, and which is transferred in the context of the employment relationship. Driscoll's uses this information for internal employment and human resources purposes. 
 
Driscoll’s will subject all personal information received via the Privacy Shield to the Privacy Shield Principles. Driscoll’s is subject to the investigative and enforcement authority of the Federal Trade Commission (FTC). Driscoll’s may be required to disclose personal information in response to lawful requests by public authorities. Driscoll’s has potential liability for onward transfers to third parties. Additionally, an individual may be allowed to invoke binding arbitration to resolve disputes under certain limited conditions.
 
Choice
If  you are not a resident of the EEA or we have received your information from you through our websites, applications and services,please see our Privacy Policy for information about your choices.
 
Driscoll's will offer EEA individuals whose personal information has been transferred to us the opportunity to choose whether their personal information is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at the address given below.
 
Driscoll's will not use sensitive information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless Driscoll's has received the individual's affirmative and explicit consent (opt-in). 
 
Data Integrity and Purpose Limitation
Driscoll's will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Driscoll's will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete and current.
 
Transfers to Agents
Driscoll's contracts with agents who perform functions on our behalf, including cloud-based data hosting and data processing services. These agents may have access to personal information if needed to perform their functions for Driscoll's. Driscoll's does not transfer personal information to non-agent third parties. Driscoll's will provide an individual opt-out or opt-in choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. 
 
Driscoll's will require its agents to safeguard personal information consistent with this Policy by contract, obligating the agent to provide at least the same level of protection as is required by the Privacy Shield Principles. Driscoll's also may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Under certain circumstances, Driscoll's may bear liability for onward transfers of personal data where its agent processes personal data inconsistent with the Privacy Shield Principles, unless Driscoll's proves that it is not responsible for the event giving rise to the damage.
Right to Access and Correction
 
Upon request, Driscoll's will grant individuals reasonable access to personal information that it received pursuant to these Principles. In addition, Driscoll's will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. An individual may request access to their information, or otherwise correct, amend, or delete their information pursuant to the Privacy Shield Principles, by contacting us at the address given below.
 
Security
Driscoll's will take reasonable and appropriate precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
 
Enforcement
Driscoll's will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Driscoll's determines is in violation of this policy may be subject to disciplinary action.  Driscoll's is subject to the investigative and enforcement authority of the FTC.
 
Dispute Resolution
In compliance with the Privacy Shield Principles, Driscoll's commits to resolve complaints about your privacy and our collection or use of your personal information. EEA individuals with inquiries or complaints regarding this Policy should first contact Driscoll's at the address given below. Driscoll's will investigate and attempt to resolve complaints regarding use and disclosure of personal information by reference to the principles contained in this Policy.
 
Driscoll's has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the BBB EU PRIVACY SHIELD web site at www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Where applicable to the employment relationship, Driscoll’s agrees to cooperate and comply with the EEA data protection authorities (DPAs) regarding the unresolved complaints of employee of Driscoll’s EU-based subsidiaries who are located in the EEA.  Such employees may direct complaints about their personal information to their respective DPA.  For the contact information for your country's DPA, please contact us at the address given below, or visit http://ec.europa.eu/ justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
 
CONTACT INFORMATION
 
Questions regarding this Policy should be submitted to Driscoll’s by mail to:
Driscoll’s, Inc.
Legal Affairs Department
Attn: VP, Compliance
300 Westridge Drive
Watsonville, California 95076
 
Or by email to: dataprivacy@driscolls.com
 
LIMITATIONS & CHANGES
 
We may also be required to disclose an individual's personal information in response to a lawful request by public authorities or in connection with a legal obligation. Adherence by Driscoll's to these Privacy Shield Principles may also be limited to the extent necessary to meet national security, public interest or law enforcement obligations, and to the extent expressly permitted by an applicable law, rule or regulation.
 
This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. The amended Policy will be made publicly available via Driscoll's' website.
 
Effective Date:  April 4, 2019