WHO WE ARE (Web information)
Sysco and affiliated companies operate at more than 320 distribution facilities worldwide and serves more than 650,000 customers. For a list of our companies and locations please click here: https://sysco.com/Contact/Contact/Our-Locations.html
This Policy is an enterprise-wide policy and shall apply to Sysco and Sysco subsidiaries owned and managed websites and applications.
Compliance to privacy and data protection regulations such as the General Data Protection Regulations (GDPR) or the California Consumer Privacy Act (CCPA) requires Sysco to explain how we collect, protect, use and disclose Personal Information (defined below, refer to Definitions Section) when visitors use our Sites and applications.
HOW SYSCO COLLECTS PERSONAL INFORMATION
Sysco may collect personal information from its customers, suppliers and other Site users in several ways:
Sysco may gather account information through the Sites;
Sysco may gather customer information through the Sites;
Sysco may maintain historical account information of its customers and suppliers;
Sysco may gather information about individual guarantors;
Sysco may gather information from the Sites by cookies and similar Internet monitoring technologies; and
Sysco may in some instances gather information from third parties, for example, when a customer completes a purchase with Sysco through a third-party website.
WHAT PERSONAL INFORMATION SYSCO COLLECTS
The categories of personal information we may collect through the Sites, use, and disclose for a business purpose as described below are as follows:
Personal identifiers for employment applications or business credit applications, such as a real name, alias, postal address, unique personal identifier, IP address, email address, account name, social security number, driver’s license number, national insurance number, passport number, or other similar identifiers;
Personal identifiers for processing transactions, such as name, email address, shipping address, phone number, payment card information, and information about transactions including purchase information and pick-up times and locations;
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
Internet or other electronic network activity information, including browsing history, search history, and information regarding a California resident’s interaction with an internet web site, application, or advertisement;
Audio, electronic, visual or similar information;
Professional or employment-related information; and
Education information for employment purposes
We also reserve the right to use outside companies to display ads on our Sites. These ads may contain cookies. Cookies received with banner ads are collected by such outside companies, and we do not have access to this information. These outside companies also may collect and combine information collected on our Sites and emails with other information about your online activities over time, on other devices, and on other websites or apps, if those websites and apps also use the same partners.
We currently use Google Analytics to collect and process certain Site usage data. To learn more about Google Analytics and how to opt out, please visit https://policies.google.com/technologies/partner-sites. You may be able to change browser settings to block and delete cookies when you access our Sites through a web browser. However, if you do that, our Sites may not work properly. Our Sites do not respond to browser do-not-track signals.
You may be able to opt out of receiving personalized advertisements on this browser or device from advertisers, or other advertising networks who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out options of each of those organizations. Links to those websites are as follows:
Network Advertising Initiative: http://www.networkadvertising.org/choices/
Digital Advertising Alliance: http://www.aboutads.info/choices/
When you opt out of personalized advertising, you may continue to see online advertising on the Sites and/or our ads on other websites and online services.
HOW SYSCO USES PERSONAL INFORMATION
To establish, conduct, maintain and conclude business arrangements.
To evaluate and engage with prospective and current customers, suppliers and other business partners.
To evaluate and engage with prospective employees.
To process transactions with customers and suppliers and to improve its business processes.
To fulfill orders placed by customers, to order goods from suppliers, to respond to the requests of users of the Sites, and generally to enrich the usefulness of the Sites.
For identifiable and aggregate basis, in various analyses intended to help Sysco understand its customers and suppliers better.
Aggregated reports – Sysco may combine personal information with other information to create aggregate or summary reports and may provide aggregate data to other parties for marketing, advertising, and other purposes.
If Sysco provides information to other parties in aggregate form, such data will not include any specifically identifiable personal information concerning specific customers, suppliers or individuals unless authorized to do so.
DISCLOSURE OF PERSONAL INFORMATION
Personal information is used to complete and support your use of the Sites and the services provided thereon and to comply with any requirements of law. Sysco may share personal information with third parties as described below:
Sysco may disclose personal information as required by law and for the protection of Sysco and others.
Sysco may disclose personal information, subject to confidentiality restrictions, as part of a contemplated or actual corporate transaction, financing, or sale of the assets of a relevant business unit.
Sysco allows other users of the Sites to browse comments, questions or other entries that you have submitted or commented on in one or more forums, message boards, product ratings, feedback portals or other interactive or social aspects that Sysco may include on the Sites from time to time. Note that any such disclosures may be publicly available to any visitor to the Sites, and, in addition, Sysco may choose to post this data on other platforms publicly in the future. Your use of such social features constitutes your consent and agreement to Sysco’s use of any content you post or transmit through such features for Sysco’s editorial, advertising and publicity purposes, without compensation to you, except where prohibited by law.
PROTECTING YOUR PERSONAL INFORMATION
Personal information collected on the Sites may be stored and processed in the United States or any other country in which Sysco or its affiliates, subsidiaries, agents, or third-party service providers maintain facilities and/or infrastructure, and by using the Sites, you acknowledge that such transfers of information outside of your country to the extent permissible under applicable law occur.
ADDITIONAL INFORMATION FOR INDIVIDUALS IN THE EEA
Lawful Basis for Using Personal Information
We use the personal information you provide to us (either orally, in writing, through your use of our website, or as a result of our dealings with you) and any data we obtain from third parties to provide the service requested by you.
We recognise that we have a legitimate interest in processing the personal data we collect about you for a number of reasons, including, but not limited to: marketing purposes, to enable us to enhance, modify, personalise, or otherwise improve our services, identify and prevent fraud, enhance and protect the security of our network and systems, and market research. “Legitimate interests” means the interests of our business in conducting and managing our business to enable us to give you the best service and most secure experience.
When we use your information for our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. Where applicable, legitimate interest assessments are conducted to ensure that these rights are protected.
You may inform us of any changes in your personal information, and in accordance with our obligations under applicable data protection laws we will update or delete your personal information accordingly.
You may have the right to: request (a) access to your personal information we hold about you; (b) request we correct an inaccurate persona information we hold about you; (c) request we delete any personal information we hold about you; (d) restrict the processing of personal information we hold about you; (e)object to the processing of personal information we hold about you; and/or (f) receive any personal information we hold about you in a structured and commonly used machine-readable format or have such personal information transmitted to another company. If you would like to exercise any of your rights, please contact email@example.com.
Retention or Your Personal Information
We will hold your personal information in accordance with the principles of the GDPR (and associated legislation) and for as long as reasonably necessary to fulfil the purposes for which it was collected. We may obtain your data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. We are obliged and permitted by law and regulation to retain certain types of data for a minimum period. The minimum period tends to be for six years but can be longer if the statute or regulation requires
ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
The California Consumer Privacy Act of 2018 (CCPA) went into effect on January 1, 2020. The CCPA grants certain California residents five new rights respecting their personal information. If you are a California resident, you may have the following rights:
The right to request more information about Sysco’s data collection and sales practices in connection with your personal information, including the categories of personal information Sysco has collected, the source of the information, Sysco’s use of the information and, if the information was disclosed or sold to third parties, the categories of personal information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold;
The right to request a copy of the specific personal information collected about you during the 12 months before your request (together with right #1, a “personal information request”). You may only make a personal information request twice in a 12-month period, and Sysco will respond within 45 days of receiving a personal information request;
The right to request that personal information be deleted (with exceptions);
The right to request that your personal information not be sold to third parties, if applicable; and
The right not to be discriminated against because you exercise any of the new rights.
Sysco does not rent, sell, or share personal information (as defined by California Civil Code §1798.83) about you that we collect on the Site with other people or unaffiliated companies for their direct marketing purposes, unless we have your permission, and Sysco has not “sold” (as that term is defined in the CCPA) your personal information in the last 12 months
Note that, in connection with the exercise of the above rights, Sysco may need to collect information from you so that Sysco can verify your identity.
You may exercise these rights by contacting us. Please go to REPORTING & INVESTIGATIONS for additional information.
PROTECTING THE PRIVACY OF CHILDREN ONLINE
Sysco’s Sites are not directed to children under the age of 13 and do not knowingly collect personal information from children under the age of 13.
Please use the Contact Us email below if you have concerns regarding the potential collection of your child’s information.
OTHER PRIVACY RIGHTS
In addition to the jurisdictions addressed above, other jurisdictions have specific legal requirements and grant specific privacy rights, and we will comply with restrictions and any requests you submit as required by the applicable law. For example, you may have the right to review, correct, and delete personal information we have about you, or to consent or withdraw consent to certain uses or sharing of personal information. If you would like to request access to personal information that we maintain, or to request that we update, correct, or delete your personal information, please go to Reporting and Investigations for additional contact information. When you make a request, we may require that you provide information and follow procedures so that we can verify a request you make (and determine the applicable law) before responding to it. The verification steps we take may differ depending on the applicable law and the request you make.
LINKS TO OTHER SITES
REPORTING & INVESTIGATIONS
US AND NON-EEA REQUEST
Additionally, individual privacy right request can be made by visiting our web page at www.sysco.com or leave a message on our toll-free number at (855) 41-SYSCO.
To exercise any of your rights in connection with your personal information, please contact firstname.lastname@example.org. We will process any request in line with applicable local laws. You additionally have the right to lodge a complaint about how we process your personal information with the supervisor authority in your country.
Associates may immediately report any known or suspected violations of this Policy. To do so, you shall contact your direct supervisor or another member of management, your Human Resources Business partner, or the Ethics Line, a confidential toll-free third party-operated telephone service at 877-777-4020. You may also submit a report via the Ethics Line website: http://ethicsline.sysco.com a confidential web-based online reporting vehicle. Anyone reporting a suspected or actual violation of this Policy in good faith shall be protected from retaliation under Sysco’s Code of Conduct. You must cooperate with all investigations of alleged Policy violations.
DISCIPLINE & OTHER CONSEQUENCES
Employees who violate this Policy shall be subject to appropriate disciplinary action or other remedial measures up to and including termination of employment if warranted under the circumstances and permissible under applicable law.
The provisions of this Policy shall not be waived. Sysco management does not have the authority to approve waivers to this Policy or any legal/regulatory requirement.
REVISION & REVOCATION
LOCAL POLICIES & PROCEDURES
Sysco operates in many countries, and it is Sysco’s intention to comply with all applicable legal requirements. Accordingly, if a provision of this Policy conflicts with applicable local legal requirements, Sysco may adopt regional or country-specific policies on this subject to accommodate local conditions or legal requirements; You must comply with all applicable local laws, regulations, policies and procedures
The General Data Protection Regulations (GDPR) 2018 – regulation in EU on data protection and privacy for all individual citizen of the European Union and the European Economic Area. It also addresses the transfer of personal data outside of the EU and EEA areas.
California Consumer Privacy Act (CCPA) 2020 – A bill that enhances privacy rights and consumer protection for resident of California, USA
Business Customer: An entity who has entered into a prime contract with Sysco or a subsidiary to provide business services and/or product.
EEA: European Economic Area
Associate: Person who is employed by Sysco or a subsidiary -otherwise identified as an employee.
POLICY REVIEW AND REVISION
This policy shall be reviewed annually or more frequently as required by changes in legal, regulatory or Sysco requirements, or to correct identified deficiencies. This policy supersedes all previous versions.
OTHER POLICY REQUIREMENTS
This policy shall be maintained and connected to all Sysco owned websites through placement on Sysco.com.
Executive Policy Owner
SVP, Legal Gen Counsel and Corp Secretary
Sr. Director Global Business Continuity and Operational Risk
Sr. Director Global Business Continuity and Operational Risk
June 1, 2020
Reason for Revision