Our Commitment to GDPR
Arsa Food B.V. is fully committed to protecting the personal data of our customers, partners, employees, and website visitors in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch Implementation Act (Uitvoeringswet AVG).
As a Netherlands-based business operating across the European Union, GDPR compliance is not just a legal requirement for us โ it is a core part of how we do business. We believe in transparency, accountability, and respect for the individuals whose data we handle.
1. Legal Basis for Processing
We only process personal data where we have a lawful basis to do so under Article 6 of the GDPR:
- Contract performance โ Processing necessary to fulfil a trade order or manage a customer account
- Legitimate interests โ For business development, customer service, and security, balanced against your rights
- Legal obligation โ Where Dutch or EU law requires us to retain or process data
- Consent โ For marketing communications and non-essential cookies, where you have opted in
2. Data Minimisation
We collect only the personal data that is necessary for the specified purpose. We do not collect data speculatively or in excess of what is required. Data collection forms on our website ask only for information relevant to the enquiry or account application.
3. Data Security Measures
We implement appropriate technical and organisational security measures including:
- HTTPS encryption for all website data transmission
- Access controls limiting data access to authorised personnel only
- Regular review of data processing activities and security posture
- Data processing agreements with all third-party processors
- Secure storage of physical and digital records
4. Data Subject Rights
We uphold all rights granted to data subjects under the GDPR, including the rights to access, rectification, erasure, restriction, portability, and objection. We aim to respond to all data subject requests within 30 calendar days.
To submit a request, contact us at info@arsafood.com. We may need to verify your identity before processing a request. In complex cases, we may extend the response period by a further 60 days, in which case we will inform you promptly.
5. Third-Party Processors
Where we engage third parties to process personal data on our behalf (e.g. IT systems, logistics platforms, payment processors), we ensure:
- A written Data Processing Agreement (DPA) is in place
- The processor provides sufficient guarantees of GDPR compliance
- Processing is limited to the instructions we provide
- Sub-processors are subject to equivalent obligations
6. International Data Transfers
Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to countries with an EU adequacy decision
We do not transfer data to countries without adequate protection unless required by law, and we document all such transfers in our records of processing activities.
7. Records of Processing Activities
As required by Article 30 of the GDPR, Arsa Food maintains an internal Register of Processing Activities (RoPA) documenting all data processing operations, purposes, categories of data subjects, and retention periods.
8. Data Breach Notification
In the event of a personal data breach, Arsa Food is committed to:
- Notifying the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours where the breach is likely to result in a risk to individuals' rights
- Notifying affected data subjects without undue delay where the breach is likely to result in a high risk
- Documenting all breaches, including those that are not required to be reported
9. Supervisory Authority
The competent supervisory authority for Arsa Food B.V. is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).
- Website: autoriteitpersoonsgegevens.nl
- Address: Prins Clauslaan 60, 2595 AJ Den Haag, The Netherlands
You have the right to lodge a complaint with the AP if you believe we have not handled your personal data in compliance with the GDPR.
10. Contact Our Privacy Team
For any GDPR-related enquiries, data subject requests, or to report a concern about our data practices:
- Email: info@arsafood.com
- Post: Arsa Food B.V., Privacy Team, The Netherlands
- Phone: +31-616 612 227
We take all privacy enquiries seriously and will acknowledge your contact within 2 business days.