Privacy Policy

Website Terms of Use and Privacy Policy

Gruma International Foods SL Privacy Policy

Overview – the key information you should be aware of

(A) Who we are: We are Gruma International Foods SL (company number B-84794536 with registered address at Avenida de Barajas, 24, Planta 2, Alcobendas, 28108, Madrid, Spain), a global food company and worldwide leader in the corn flour and tortilla categories as well as a relevant player in flatbreads. Gruma International Foods SL and its group companies in Europe are the controllers of your personal data, and are responsible for your personal information. The following are the relevant group companies in Europe:

Mission Foods UK Limited

Gruma Netherlands, BV

NDF Azteca Milling Europe, SRL

Azteca Foods Europe, SA

Mexi Foods, SL

All references in this policy to "Gruma", "our", "us" or "we" refer to Gruma International Foods SL, and its group companies. All references in this policy to "our website", refer to the websites currently owned by Gruma, including www.missionfoods.eu and http://www.ndfgruma.com/.

(B) Our values and what this policy is for: We value your privacy and want to be accountable and fair to you as well as transparent with you in the way that we collect and use your personal information. We also want you to know your rights in relation to your information which you can find here.

In line with these values, this privacy policy tells you what to expect when we collect and use personal information about you. We have tried to make it easy for you to navigate so you can find the information that is most relevant to you and our relationship with you.

We are always looking to improve the information we provide to our customers and contacts so if you have any feedback on this privacy policy, please let us know using our contact details in section 13.

(C) Who this policy applies to: This policy applies to:

    1. Visitors to our website;
    2. People who contact us with enquiries through our websites, Twitter, Instagram, Facebook and all other social media platforms, by phone, letter or email [LINK]; and
    3. Job applicants for vacancies at Gruma [LINK].

Depending on our relationship, we may collect and use your information in different ways. Please click on the links above to find out the information that we collect about you and how we use this information.

(D) What this policy contains: This privacy policy describes the following important topics relating to your information (you can click on the links to find out more):

    1. How we obtain your personal information
    2. Collection of your personal information and how we use it
    3. Our legal basis for using your personal information
    4. How and why we share your personal information with others
    5. How long we store your personal information
    6. Your rights
    7. Children
    8. Marketing
    9. Where we may transfer your personal information
    10. Risks and how we keep your personal information secure
    11. Links to other websites
    12. Changes to this privacy policy; and
    13. Further questions and how to make a complaint

(E) Your rights to object: You have various rights in respect of our use of your personal information as set out in section 6. Two of the fundamental rights to be aware of are that:

  1. you may ask us to stop using your personal information for direct-marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
  2. you may ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our, or another person's, legitimate interest.

You can find out more information in section 6.

(F) What you need to do and your confirmation to us: Please read this privacy policy carefully to understand how we handle your personal information. By engaging with us in the ways set out in this privacy policy, you confirm that you have read and understood the entirety of this privacy policy, as it applies to you.

The detail – the key information you should be aware of

1. How we obtain your personal information

1.1 You may provide us with your personal information voluntarily. We may also receive information about you from third parties (where you have given them consent to share such information) such as marketing agencies, market research companies, our suppliers, contractors and consultants, group companies, public websites and public agencies, which we refer to as "third party sources" or "suppliers" throughout this policy.

1.2 You may give us personal information about yourself by using the online form provided on our website, in cases where you need to contact us. In addition, you could also contact us by phone, email or other means, and provide us with personal information about yourself without an express requirement from us. This includes, for example, where you provide your personal information to us in order to be part of our distribution list to receive, for example, our newsletters, recipes, promotions, etc.

2. Collection of your personal information and how we use it

Please go to the section or sections below that best describes our relationship with you to find out the information that we collect about you and how we use this information. We refer to this as "personal information" throughout this policy.

2.1 Visitors to our website

(a) What personal information we could collect about you

You are able to surf on our website, without a specific requirement to provide us with personal information.

Our website uses some Cookies to facilitate your navigation on our website. See our Cookies Policy.

We may collect and use any of the following information about you but always with your consent or relying on another appropriate legal basis as specified below and based on this Policy. At present our website only presents a specific form with certain requested personal data, used fundamentally to answer your questions, being catalogued in the area 2.2 People who contact us with enquiries.

Below you can see examples of the data that may be required by us:

    1. your name including your title;
    2. your postal address;
    3. your email address;
    4. your telephone number;
    5. information provided when you correspond with us;
    6. any updates to information provided to us;
    7. personal information we collect about you or that we obtain from our third party sources (where you have given them consent to share such information);
    8. the following information could be processed automatically when you visit our website by using cookies or similar technologies: 
      1. Technical information. This includes: the Internet Protocol (IP) address used to connect your computer to the internet address; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; and platform. We use this personal information to administer our website, to measure the efficiency of our systems and to undertake an analysis on the locations from which people access our websites;
      2. Information about your visit and your behaviour on our website (for example, the pages that you click on). This may include the website you visit before and after visiting our website (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads.

(b) How we use your personal information

We will collect, use and store the personal information listed above for the following reasons:

    1. for improvement and maintenance of our website and to provide technical support for our website;
    2. to ensure the security of our website;
    3. to evaluate your visit to the website and prepare reports or compile statistics to understand the type of people who use our website, how they use our website and to make our website more intuitive. Such details will be anonymised as far as reasonably possible and you will not be identifiable from the information collected.
    4. Customer services.
    5. Promotions and prize draws, advertised on the website. In general, the activities of promotions and raffles are managed mainly through our social media linked on our webpage.
    6. Commercial, promotional or advertising communications of our products or services, when the user, consumer, client or supplier has given their consent.

Please see sections 2.4 and 2.5 for more details about how we use your personal information.

(c) A word about cookies

    1. Some pages on our website use cookies, which are small files placed on your internet browser when you visit our website. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences.
    2. Where we use cookies on our website, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website or to use all the functionality provided through our website.

For detailed information on the cookies we use and the purposes for which we use them, please refer to our cookies policy on the website.

"We (and third parties that offer content, advertising or functionality in our Services) could also use other types of local storage technologies that work in a similar way to" cookies ", such as local shared objects (also known as "Flash cookies") and HTML5 local storage. These technologies are similar to "cookies" in the sense that they are stored on your device to identify it in different services and sessions. Keep in mind, however, that these technologies, compared to "cookies", can make use of other parts of your device, so you may not have the ability to control them using the tools and normal browser settings. If you would like more information on how to deactivate or delete the information contained in the "Flash cookies", click here. "
"In addition, depending on the browser or device you use, we (and third parties that offer content, advertising or functionality in our Services) can receive an identifier for your browser or device that can be used for similar purposes as those for which we and others we use "cookies" and beacons. The identifiers are not created by the services you access, but by the companies that make the software that runs on your device or browser. For example, if you access our Services through your iPhone, we may receive a temporary identifier of the device called "advertising identifier" (or "IDFA" for its acronym in English). In the privacy settings of your iPhone, you can "reset" this identifier, which means that a different identifier will be sent the next time you visit our Services.
If you are within the European Economic Area, "cookies" and similar technologies may only be used with your prior informed consent, unless they are necessary to provide the services requested. When possible, you may revoke consent in http://youronlinechoices.eu/

2.2 People who contact us with enquiries

(a) What personal information we collect about you

We may collect and use any of the following information about you:

    1. your name including your title;
    2. your postal address;
    3. your email address;
    4. your telephone number;
    5. information provided when you correspond with us;
    6. any updates to information provided to us.

(b) How we use your personal information

We will collect, use and store the personal information listed above to deal with any enquiries or issues you have about our products and services, including any questions you may have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you. If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes.

Please see sections 2.4 and 2.5 for more details about how we use your personal information.

2.3 Job applicants for vacancies at Gruma

(a) What personal information we could collect about you

It is possible to apply for a vacancy within our organization through our website. You can send us an email with your CV and the information you consider pertinent and necessary in connection with the application. . All the information is handled confidentially. Once the processes of searching for candidates for open vacancies have been completed, we delete all the information from our internal files.
When you submit an application for an advertised vacancy on the careers page of our website, we may collect and use any of the following information about you, as necessary and as allowed under the applicable law:

  1. your name including your title;
  2. your postal address;
  3. your email address;
  4. your telephone number;
  5. information provided in your CV/resume [and cover letter];
  6. information provided when you correspond with us;
  7. any updates to information provided to us.

(b) How we use your personal information

We will collect, use and store the personal information listed above, as necessary and as allowed under the applicable law, for the following reasons:

  1. to process your application (including candidate profiling and suitability assessment);
  2. to confirm information on resumes, CVs [and covering letters], providing reference letters and performance reference checks;
  3. to comply with any procedures, laws and regulations which apply to us;
  4. to establish, exercise or defend our legal rights; and
  5. otherwise, for the lawful operation of our business.

Please see sections 2.4 and 2.5 for more details about how we use your personal information.

(c) Source of personal information. We may receive some of your personal information from third parties, such as recruitment agencies where you have used their services and you have given them your consent to share your information.

(d) We do not collect special categories of data.

2.4 Whatever our relationship with you is, we may also collect, use and store your personal information for the following additional reasons:

  1. requests made by you for a copy of the information we hold about you. If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes;
  2. for internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies We may process your personal information for these purposes where it is in our legitimate interests to do so;
  3. to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so;
  4. to establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.

2.5 Further processing

We will not use your personal information in any way that is incompatible with the purposes set out in this section 2. Please contact us using the details in section 13 if you want further information on the analysis we will undertake to establish if a new use of your personal information is compatible with these purposes.

3. Legal basis for use of your personal information

3.1 We consider that the legal bases for using your personal information as set out in this privacy policy are as follows:

  1. we have obtained your consent; or
  2. our use of your personal information is necessary to perform our obligations under any contract with you (for example, to comply with the terms of use of our website which you accept by browsing our website); or
  3. our use of your personal information is necessary for complying with our legal obligations (for example, if you contact us requesting access to personal data we hold about you); or
  4. where neither (a), (b) nor (c) applies, use of your personal information is necessary for our legitimate interests or the legitimate interests of others. Our legitimate interests are to:
    1. run, grow and develop our business as well as the businesses of our group companies;
    2. operate our website;
    3. business development; and
    4. for internal group administrative purposes.

If we rely on our (or a third party’s) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other party’s) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information. You can ask us for information on this balancing test by using the contact details at section 12.

3.2 We may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described below).

3.3 If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at Mohammed_Saeed@gruma.com and / or Amy_LucyAshman@gruma.com and we will stop doing so.

4. How and why we share your personal information with others

4.1 We may share your personal information with our group companies where it is in our legitimate interests to do so for internal administrative purposes (for example, for corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).

4.2 We will share your personal information with the following third parties or categories of third parties:

(a) we use some providers to host our websites in Europe AND we have developers associated to manage some of our websites in Europe.

For the rest of our websites managed in Europe, we have our own maintenance services, and hosting through our corporate head office, using servers and resources located in Mexico and EEUU managed directly by Gruma

(b) our other service providers and sub-contractors, including suppliers of technical and support services, and cloud service providers; n

(c) companies that assist in our marketing, advertising and promotional activities;

(d) analytics and search engine providers that assist us in the improvement and optimisation of our website.

4.3 Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for any purpose other than to provide services for us. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.

4.4 We will also disclose your personal information, as strictly necessary and allowed under the applicable law, to third parties:

  1. where it is in our legitimate interests to do so to run, grow and develop our business: 
    1. if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
    2. if substantially all of our or any of our affiliates' assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets;
  1. if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
  2. in order to enforce or apply our terms of use, our terms and conditions for customers or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
  3. to protect the rights, property, or safety of Gruma, our staff, our customers or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection.

4.5 We may also disclose and use anonymised, aggregated reporting and statistics about users of our website for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable our users to be personally identified.

4.6 Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us and we will stop doing so.

5. How long we store your personal information

We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. Our Data Retention and Record Management Policy reflects applicable legal regulatory and commercial requirements. If you wish to have more information about our retention policy applicable to your data, please contact amy_lucyashman@gruma.com.

6. Your rights

6.1 You have certain rights in relation to your personal information. If you would like further information in relation to these rights or would like to exercise any of them, please contact us via email at amy_lucyashman@gruma.com at any time. Please send an email to the aforementioned address and include in that email (i) your full name and (ii) the right(s) that you want to exercise.

6.2 You have the following rights:

(a) Right of access. You have a right of access to any personal information we hold about you. You can also ask us for a copy of your personal information; confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the European Economic Area ("EEA").

(b) Right to rectify your information. You have a right to request the rectification of any of your personal information which is inaccurate, incomplete, out of date or incorrect.

We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are, using the contact details in section 13.

(c) Right of erasure of your information. You have a right to ask us to erase any personal information which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in section 13.
We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are, using the contact details in section 13.

(d) Right to restrict use of your information: You have a right to ask us to restrict the use of your personal information under certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in section 13.

We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details in section 13.

(e) Right to stop marketing: You have a right to ask us to stop using your personal information for direct marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.

(f) Right to data portability: You have a right to receive the personal information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to ask us to provide your personal information to another controller without hindrance.
This right only applies where we use your personal information on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means and at the conditions set forth by art. 20 GDPR.

(g) Right to object. You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person's legitimate interest.

(h) Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you: you have such a right under the conditions set forth by Art. 22 GDPR;

(i) Right to withdraw consent: where the processing is based your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6.3 We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances under the applicable law, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.

6.4 If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.

7. Children

7.1 We do not and will not knowingly collect personal data from any unsupervised child under the age of 16. If you are under the age of 16, you may not use our website unless your parent or guardian has provided us with their consent for your use of our website.

7.2 Please contact us at Mohammed_Saeed@gruma.com if you are aware that we may have inadvertently collected personal information from a child.

8. Marketing

8.1 If we have obtained your consent to do so, we may collect and use your personal information for undertaking marketing by email, contact via social media and post.

8.2 We may send you certain marketing communications (including electronic marketing communications) if it is in our legitimate interests to do so for marketing and business development purposes or, if you are a sole trader or a non-limited liability partnership if you have consented to receive such electronic marketing information.

8.3 However, we will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your personal information to any third party for such marketing.

8.4 If you wish to stop receiving marketing communications, you can contact us by email at amy_lucyashman@gruma.com.

9. Where we may transfer your personal information

9.1 Your personal information may be used, stored and/or accessed by staff operating outside the EU working for us, other members of our group or suppliers, including United States of America and Mexico. Further details on to whom your personal information may be disclosed are set out in section 4.

9.2 If we provide any personal information about you to any such non-EU members of our group or suppliers, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this privacy policy. These measures may include the following permitted in Articles 45 and 46 of the General Data Protection Regulation:

  1. in the case of US based entities, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield (see further https://www.privacyshield.gov/welcome); or
  2. in the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them in the event that county is not granted an adequacy decision by the European Commission.

9.3 Further details on the steps we take to protect your personal information, in these cases is available from us on request by contacting us by email at Mohammed_Saeed@gruma.com at any time.

10. Risks and how we keep your personal information secure

10.1 The main risk of our processing of your personal information is if it is lost, stolen or misused. This could lead to your personal information being in the hands of someone else who may use it fraudulently or make public, information that you would prefer to keep private.

10.2 For this reason, Gruma is committed to protecting your personal information from loss, theft and misuse. We take all reasonable precautions to safeguard the confidentiality of your personal information, including through use of appropriate organisational and technical measures. We keep a private network with security systems to avoid attacks or unauthorised access. Our platform is protected with the system Palo Alto, where it is updated and administrated to avoid unauthorised access and our email services are encrypted and it is administered by us, our operative systems in Servers, PC and laptops are based in Windows and we apply all tools and protections provided by Windows, included the scheme of Antivirus. We also use share points administrated by us with encryptions and administrations of the accesses. We have office 365 platform available that allows us to ensure the integrity and security of the most sensitive information, with the highest levels of security. Our internal network is monitored constantly evaluating vulnerabilities as well as attacks and unauthorized access attempts. We have a comprehensive and multidisciplinary team of people dedicated to the areas of security and protection schemes of our networks and platform of IT. Mass security policies are applied and the packages released for security by our main software providers (Microsoft), antivirus and Firewalls are updated. The accesses to our networks, servers and applications in general, are maintained with users and passwords, which also need to be changed periodically with the highest security levels, through internal policies adopted. The folders kept on our servers, with personal data, are protected, there are restricted access schemes to the folders. We have a comprehensive backup protocol ensuring at all times the integrity of the information handled by our companies.

In general, our Information Security Management System covers: security policies; organization of security; security related to HR; asset Management; access control; cryptography; physical and environmental security; security of operations; security of communications; acquisition, development and maintenance; relationship with suppliers; information security incident management; business continuity management and legal compliance.

10.3 In the course of provision of your personal information to us, your personal information may be transferred over the internet. Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted to our website and that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorised access to it.

11. Links to other websites

Our website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. This privacy policy only applies to the personal information that we collect or which we receive from third party sources, and we cannot be responsible for personal information about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.

12. Changes to our privacy policy

We may update our privacy policy from time to time. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by post or email.

13. Further questions and how to make a complaint

13.1 If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact Mohammed_Saeed@gruma.com and / or Amy_LucyAshman@gruma.com.We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.

13.2 If you have a complaint about how we use your personal information, we would always prefer you to contact us first. However, you have the right to lodge a complaint to the data protection regulator in the country where you usually live or work, or where an alleged infringement of the applicable data protection law has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.

The practices described in this privacy policy statement are current as of 1 December 2019.