Data privacy

Data privacy

The protection of personal data is paramount. Customers, associates and business partners entrust our businesses with their personal data and we must safeguard this information at all times. At Ahold Delhaize and its brands we always strive to use customer data to benefit customers, whether it is checking their home address for grocery deliveries, accessing their shopping history to receive personalized benefits or confirming account details for online orders.

Our key principles

We have established five principles that guide how Ahold Delhaize and its brands manage personal data:

1. We are committed to protecting the personal data of customers, associates, business partners and service providers.
2. We maintain personal data for legitimate business purposes only and are transparent about when and how personal data is collected, used, or shared.
3. We provide customers with reasonable notice and control over their data.
4. We strive to use customer data to benefit customers.
5. We are committed to complying with legal and regulatory obligations everywhere we do business.

Ahold Delhaize and each of its brands has a privacy notice for their customers and associates, in line with local legal obligations. Each brand's privacy notice for customers is available on its website and apps.

Global Data Protection Regulation (GDPR)

In May 2018, the General Data Protection Regulation (GDPR) became effective in the European Union, introducing regulation to further protect the data of consumers, suppliers and associates. Ahold Delhaize and its local brands welcome this regulation as we now have one European regulation for all our EU brands. Our European businesses adhere to the GDPR. Should a situation arise where we, or any of the brands, would not be fully compliant with a requirement, we will take immediate measures to correct that situation. To monitor our GDPR compliance, a Data Protection Officer has been appointed for the brands that require this role according GDPR regulation.

Substantiated complaints from customers and authorities

Each of our Brands in Europe and the US have a process in place to receive and follow-up on customer complaints and to respond to inquiries from data protection authorities. 

In Europe, the Brands covered by the GDPR and under an obligation to appoint a Data Protection Officer (DPO) have appointed one “Group DPO” to perform oversight over all data privacy processes, structures and measures in those Brands. Throughout the year, this DPO receives a number of questions and complaints from both customers and authorities. The U.S. Brands have appointed a Privacy Officer to oversee all data privacy processes, structures and measures in those Brands. The Privacy Officer receives and responds to all questions, complaints and inquiries from customers, associates and regulators. 

For 2020, the customer complaints and requests that Ahold Delhaize received from authorities can be categorized as follows:

• Customer complaints about access and erasure requests: 9
• Customer complaints related to cookie consents on websites: 1
• Other customer complaints: 10
• Complaints from regulatory bodies: 0
• Requests for information and inquiries from regulatory bodies (no complaints and no fines or other penalties levied): 5