Bunge Europe Business Partner Data Protection Notice

Last updated: August 2, 2021

I. Introduction and Scope
Bunge (“Bunge”, “we”, or “our”) is committed to processing personal data responsibly and in compliance with the applicable data protection laws, including also the General Data Protection Regulation (“GDPR”) where applicable. 

This Bunge Europe Business Partner Data Protection Notice (the “Notice”) describes the types of personal data Bunge collects, how Bunge uses the personal data, with whom Bunge shares the personal data, and the rights you, as a data subject, have regarding Bunge’s use of the personal data. This Notice also describes how you can contact us about our data protection practices.

The protection of personal data relating to Bunge’s business partners is one of Bunge’s priorities. This Notice therefore applies to former, present and prospective business partners such as investors, shareholders, contractors, service providers, consultants, advisors, farmers, producers, customers, including any subcontractors, and consumers as end-use customers, as well as their proxy holders, representatives and employees, in the context of a business relationship (each a “Business Partner”).

We may provide supplemental privacy notices on specific occasions, when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. Those supplemental notices should be read together with this Notice. In the event of any inconsistency between the provisions of this Notice and those supplemental notices, the supplemental notices will prevail. 

II. Contact Details of the Data Controllers
The data controllers for the purposes of processing personal data relating to Bunge’s Business Partners are listed in Annex 1.

III. Contact Details of the Data Protection Officers and the Data Protection Coordinators
A local data protection coordinator (“DPC”) or data protection officer (“DPO”) is designated at the country level.

The DPCs/DPOs are involved in all issues related to the protection of your personal data. In particular, the DPCs/DPOs are in charge of monitoring and ensuring compliance with this Notice and the applicable data protection laws. They will also provide advice on data protection matters upon request.

For any clarification or additional information you may need in order to fully understand this Notice, please contact your local DPC or DPO.

The local DPCs and DPOs’ contact information can be found in Annex 2.

In addition, you may also contact the Legal Department of Bunge SA at [email protected]

IV. Categories of Personal Data Processed
We process the following types of personal data relating to our Business Partners :

  • Name, gender, age, address, date and place of birth, ID card or passport details, phone number, email address, nationality;
  • Occupation/title, name of organization, department, business postal address, business telephone number, business facsimile number, business email address, VAT numbers, tax identification numbers, language preference;
  • Bank details, bank ownership certificate, information regarding creditworthiness (e.g. financial statements);
  • License plate number, driver’s license;
  • CCTV images, work permit, time in/time out of work, specific work authorizations, training information, information on Bunge-issued gate passes and badges, photographs, resume/CV, relevant experience and/or academic and professional qualifications, professional licenses and certifications;
  • Personal data processed through social media platforms (e.g., Bunge’s Facebook Fan Page), and social media plugins embedded in Bunge’s websites such as your name, your profile picture and the fact that you are interested in Bunge;
  • Special categories of personal data, as defined by the GDPR, such as health-related data;
  • Personal data relating to criminal convictions and offenses such as criminal records. Such processing activity will only take place provided that a legal basis has been determined and that:

I. It is carried out only under the control of an official authority; or
II. It is authorized by EU or EU Member State law providing for appropriate safeguards for the rights and freedoms of data subjects.

Bunge will maintain personal data in a manner that ensures it is accurate, complete and up-to-date.

V. Purposes of Data Processing and Legal Basis
Bunge processes personal data in accordance with applicable data protection laws and only for limited, explicit and legitimate purposes. Bunge will not use personal data for any purpose that is incompatible with the purpose for which it was initially collected unless (i) you provide your prior explicit consent for further processing; or (ii) EU or EU Member State law authorizes such further processing.

Bunge processes personal data relating to its Business Partners for the following purposes and corresponding legal basis:


Legal basis

Assessing capabilities and resources of intending bidders in the context of any call for expressions of interest and invitations to tender.

Legitimate interests of Bunge to run and develop its commercial operations.

Concluding and managing contracts, conducting credit analysis, managing commercial relationships, order fulfillment, managing goods and services deliveries and shipments, payment and invoicing for goods and services, contacting Business Partners (either directly or indirectly through a third party).


B-to-C: Contractual obligation.


B-to-B: Legitimate interests of Bunge to run Bunge’s business as appropriate to deliver and improve its goods or services; and legal obligation.


All present and potential contractors: Contractual obligation; Legitimate interests of Bunge to manage Bunge’s business; and legal obligation.

Carrying out promotional operations, direct marketing and surveys (either directly or indirectly through a third party).

Legitimate interests of Bunge to promote Bunge’s position in the market.

Benefiting from social media-related analytics.

Legitimate interests of Bunge to develop commercial activities and improve its products and services.

Performing compliance and/or sanction checks and investigations.


Legal obligation;

Legitimate interests of Bunge to ensure the proper functioning of Bunge and compliance with the laws.

Ensuring security, safety, including identity checks and screenings of on-site visitors.


Legitimate interests of the Company to ensure security and integrity of the Company; or

explicit consent in case of special categories of personal data.

Work allocation from health and safety perspective, health and safety trainings, health and safety prevention activities and managing security and safety incidents.


Contractual obligation;

Legal obligation;

Legitimate interests of Bunge to ensure security and safety of Bunge, as well as to ensure a safe working environment for all the people at Bunge’s premises; or your explicit consent in case of special categories of personal data.

Complying with legal obligations and/or regulatory investigations, and assisting Bunge in the context of any claim, litigation, or arbitration, including employment proceedings.

Legal obligation;

Legitimate interests of Bunge to ensure the proper functioning of Bunge and to defend Bunge’s legal interests.

Protecting Bunge against injury, theft, legal liability, fraud, data losses and unauthorized disclosure of confidential information (including by the use of data loss prevention tools), abuse or other misconduct.

Legal obligation;

Legitimate interests of the Company to ensure the proper functioning of the Company and to defend Bunge’s legal interests.

Managing Bunge’s transactions (including but not limited to merger, acquisition, divestiture or liquidation).

Legitimate interests of Bunge to conduct Bunge’s business dealings.

Preparing for and managing the attendance and voting procedures for shareholders’ meetings, managing Bunge’s register of nominative shareholders, paying dividends and other distributions to Bunge’s shareholders and/or holders of other Bunge securities.

Legal obligation.

Managing company operations, including the operation and monitoring of the proper functioning and security of Bunge’s IT assets and resources.

Legitimate interests of Bunge to ensure the security and safety of Bunge.

Bunge ensures that its internal governance procedures clearly specify the reasons behind decisions to use personal data for further processing purposes. Prior to using your personal data for a purpose other than the one for which it was initially collected, you will be informed about such new purpose.

VI. Disclosure of Personal Data
Bunge will only grant access to personal data on a need-to-know basis, and such access will be limited to the personal data that is necessary to perform the function for which such access is granted.

Subject to the purposes described in Section V and applicable laws and regulations, Bunge will, from time to time, disclose personal data processed as follows:

  • Within Bunge’s organization
  • To authorized staff members;
  • To any member of the Bunge Group, which means our subsidiaries and affiliates.
  • To third parties
  • Relevant third party service providers;
  • Vendors, contractors and partners (e.g., business relationship management service providers, professional advisers, survey or marketing agencies, IT service providers);
  • To insolvency administrators in the event of private bankruptcy;
  • Regulatory authorities, governmental or quasi-governmental organizations;
  • Potential purchasers of Bunge or Bunge’s business.

Authorization to access personal data will always be linked to the function, so that no authorization will be extended to access personal data on a personal basis. Service providers will only receive personal data according to the purposes of the service agreement with Bunge.

VII. Interacting with Bunge through Social Media
For information on how your personal data are processed on social media platforms, including any targeted advertising that you may receive, please refer to the respective social media platform’s privacy policies and terms of use.

If you choose to interact with Bunge through social media on a Bunge administered social media page (“Bunge Social Media Page”) such as Facebook, Instagram, Twitter or LinkedIn, your personal data will be visible to all visitors of your personal webpage depending on your privacy settings on the relevant social media platform, and will also be visible to Bunge. You can delete any information that you share on these sites at any time through your relevant social media platform’s account. Bunge does not track your activity across the different social media sites that you use. Please contact us if you wish to make a request that you are unable to action yourself and which relates to a Bunge Social Media Page.

Additionally and to the extent Bunge is jointly responsible with a social media platform of a Bunge Social Media Page, Bunge will have access through the social media platform to aggregated data providing statistics and insights that help to understand the types of actions you take on Bunge Social Media Pages.

VIII. International Data Transfers
International data transfers refer to transfers of personal data outside of the EEA and Switzerland.

The international footprint of Bunge involves the transfer of personal data to other group companies or third parties, which may be located outside the EEA and Switzerland, including the United States. Bunge will ensure that when personal data is transferred to countries that have different standards of data protection, appropriate safeguards to adequately protect the  personal data are implemented to secure such data transfers in compliance with applicable data protection laws.

Bunge has implemented an intra-group international data transfer agreement to cover international data transfers between companies of the Bunge Group, a copy of which can be obtained by contacting the Legal Department of Bunge SA at: [email protected].

IX. Retention of Personal Data
Bunge will not retain your personal data processed longer than necessary for the purposes for which it was collected or otherwise processed as set out in this Notice, and for which Bunge has a valid legal basis. In any case, we will not retain it longer than allowed under statutory local retention periods, e.g., tax or commercial requirements.

In case where Bunge would be involved in any legal claims, we are entitled to continue to process your personal data that is relevant for such claims, subject to applicable local retention requirements.

X. Data Protection Rights
Under applicable data protection laws, you will benefit from the following rights. You can exercise these rights at any time, subject to conditions, by contacting the local DPC or DPO:

  • Right to access to, rectification and erasure of personal data;
  • Right to restriction of processing;
  • Right to object to processing;
  • Right of data portability to the extent applicable;
  • Right to withdraw consent where the processing is based on consent; and
  • Right to lodge a complaint with the supervisory authority.

XI. Implementation
The present Notice will be applied to and implemented by all the entities of Bunge in Europe in their respective country.

XII. Notice Compliance and Contact Information
Monitoring and ensuring compliance of the personal data processing within Bunge with this Notice and applicable data protection laws is the responsibility of the DPCs and the DPOs.

As mentioned above, you may contact your local DPC or the DPO, or the Legal Department of Bunge SA, with regard to any issue related to processing of you personal data and to exercise your rights as mentioned above. The local DPCs and DPOs’ contact information can be found in Annex 2.

XIII. Miscellaneous
This Notice may be revised and amended by Bunge SA (13 route de Florissant, 1206, Geneva, Switzerland) from time to time and appropriate notice about any amendments will be given.

Annex 1 - List of data controllers (PDF)

Annex 2 - List of data protection coordinators and data protection officers contact list (PDF)