Privacy and Data Security
At UNFI, your right to privacy and data security is a primary concern. That's why, when you visit UNFI.com, we help you maintain control over your personal data on the Internet. Below are the guidelines we use for protecting the information you provide us during a visit to our Internet site at www.unfi.com.
This statement discloses the privacy guidelines for the UNFI website.
UNFI only asks for specific types of personal information.
In a few areas on our Website, we ask you to provide information that will enable us to enhance your site visit, to assist you with technical support issues, or to follow up with you after your visit. It is completely optional for you to participate.
For example, we request information from you to:
1. Register on UNFI.com
2. Place an order
3. Provide online feedback
4. Participate in a promotional offer
5. Subscribe to a newsletter or a mailing list
In each of the instances above, we may ask for your name, e-mail address, phone number, address, name of business, type of business, and customer number, as well as other similar "personal" information that is needed to register or subscribe you to services or offers (referred to herin as "Personal Information"). If we ever ask you for significantly different information we will inform you. In the case of newsletters or mailing lists, you will be able to "unsubscribe" to these mailings at any time.
UNFI only uses your personal information for specific purposes.
The Personal Information you provide will be kept confidential and used by UNFI and its agents and contractors to support your customer relationship with us. Among other things, we want to alert you to product information, changes, special offers, and product promotions. Agents or contractors of UNFI who have access to your Personal Information are required to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for UNFI on your behalf.
UNFI may enhance or merge your non-personal statistical information collected at its site with data from other sites and third parties for purposes of marketing products and services to you.
At any time, you can stop receiving further marketing.
We may send you information about our various products and services, or other products and services we feel may be of interest to you. Only UNFI (or agents working on behalf of UNFI and under confidentiality agreements) will send you these direct mailings. If you do not want to receive such mailings, simply tell us when you give us your Personal Information. Or, at any time you can easily stop receiving further marketing from UNFI by E-mailing us at Customer Service www.unfi.com, or by calling Customer Service at one of our 800 numbers, and request your removal from our mailing list.
UNFI will not disclose your Personal Information to any outside organization for its use in marketing without your consent.
Your Personal Information or your order and the products you purchase will not be given or sold to any outside organization for its use in marketing or solicitation without your consent. Your Personal Information may be shared with agents or contractors of UNFI for the purpose of performing services for UNFI for your benefit.
Third-Party Sites
Please be aware that other web sites that may be accessed through our site may collect personally identifiable information about you. The information practices of those third-party web sites linked to UNFI.com are not covered by this privacy statement.
You are solely responsible for maintaining the secrecy of your passwords or any account information. Please be careful and responsible whenever you're online. If you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return. While we strive to protect your personal information, UNFI cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk.
Safe Harbor Policy
Introduction
UNFI (the “Company”) is the leading independent national distributor of natural, organic and specialty foods and related products, including nutritional supplements, personal care items and organic produce, in the United States. The Company has adopted and adheres to a rigorous Personally Identifiable Information (PII) Security Policy.
Protecting consumer and employee privacy is important to the Company. The Company and its affiliated United States subsidiaries (hereinafter collectively referred to as the “Company,” “we,” “us” or “our”) adhere to the Safe Harbor Agreement concerning the transfer of personal data from the European Union (“EU”) to the United States of America. Accordingly, we follow the Safe Harbor Principles published by the U.S. Department of Commerce (the “Principles”) with respect to all such data. If there is any conflict between the policies in this Safe Harbor Policy and the Principles, the Principles shall govern. This Safe Harbor Policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This Safe Harbor Policy applies to all personal information received by the Company whether in electronic, paper or verbal format. This Safe Harbor Policy also incorporates and supplements the Company’s Employee Manual: UNFI Employment Policies (Effective 12/21/2011) and the Company’s Information Protection policy (Effective 11/29/2011).
UNFI complies with the U.S. –EU Safe Harbor Framework and the U.S. Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. UNFI has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view UNFI’s certification, please visit http://www.export.gov/safeharbor/.
Definitions
“Personal Information” or “information” means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
Principles
Notice
The Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which the Company discloses or may disclose that information. The Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the information for a purpose other than for which it was originally collected.
Choice
The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, the Company will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. The Company shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.
Onward transfers
Prior to disclosing Personal Information to a third party, Company shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure, Company shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or is subject to law providing the same level of privacy protection as is required by the Principles and agrees in writing to provide an adequate level of privacy protection.
Data Security
The Company shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. The Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction. The Company cannot guarantee the security of information on or transmitted via the Internet. As noted above, the Company has adopted a Personally Identifiable Information (PII) Security Policy to protect private information.
Data Integrity
The Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, the Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
Access
The Company shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
Enforcement
The Company uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.
If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using an independent resource mechanism, such as those offered by JAMS, to hear each complaint in compliance with the Safe Harbor Framework.
Amendments
This Safe Harbor Policy may be amended from time to time consistent with the requirements of the Safe Harbor Agreement and Principles. We will post any revised policy on UNFI’s website.
Information Subject to Other Policies
The Company is committed to following the Principles for all Personal Information within the scope of the Safe Harbor Agreement. However, certain information is subject to policies of the Company that may differ in some respects from the general policies set forth in this Safe Harbor Policy.
Contact Information
Questions, comments or complaints regarding the Company’s Safe Harbor Policy or data collection and processing practices can be mailed or emailed to:
Joseph Traficanti, General Counsel (jtraficanti@unfi.com)
or Jeffrey Shapiro, Associate General Counsel (jshapiro@unfi.com)
UNFI - Legal Department
313 Iron Horse Way
Providence, RI 02908
Effective date: September 4, 2013
Amended: September 23, 2014