Quick Guide to Our Privacy Notice 

GLO Brands B.V | Privacy Notice

1. INTRODUCTION

Welcome to GLO Brands B.V.  Your privacy is really important to us. We know that when you give us your personal information, you trust us to take good care of it. We promise to keep your information safe. This privacy notice is here to tell you how we collect, use, and protect your personal info. We want to make sure you understand everything, so you know exactly what happens to your data when you're with us, and even after. Here, we'll explain what we do with your information, who we might share it with, and what choices you have about your own data. 

2. WHO IS RESPONSIBLE FOR YOUR DATA?

GLO Brands B.V  is the company responsible for processing personal data as we describe in this privacy policy. GLO is a part of the Bunzl Group. Bunzl is an international leader in the distribution of non-food consumables. Bunzl is active on 4 continents and is represented in 32 countries with more than 250 distribution centres and over 22000 employees (for more information please see: www.bunzl.com/)

Please note that in this privacy notice, we are addressing our role as a data controller. This means that we determine the purposes for which and the manner in which any personal data are, or will be, processed.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information. 

If you have questions about how we process personal data, or would like to exercise your data subject rights, please use the information supplied in the Contact Us section below. 

3. WHEN DOES THIS PRIVACY POLICY APPLY? 

This privacy policy applies when you use GLO’s website and the services as described in our General Terms and Conditions. 

Our website may contain links to other websites with different privacy policies. Please note that any personal information you provide on those websites will be subject to their own privacy polic 

4. WHY WE NEED YOUR DATA AND HOW WE USE IT?

To use/process your personal information, we need to have a good, lawful reason – this is what we call a "legitimate legal basis". It's like having a set of rules that say it's okay for us to collect and use your data, but only in certain ways and for specific reasons. Here's how it works.

• When you say it's okay (Consent): If you tell us we can use your information for something, like sending you newsletters, that's a green light for us. 

• To fulfill our agreement with you (Contractual Necessity): When you buy something from us or sign up for a service, we need to use your information to deliver what you've asked for. This could be sending your purchase to you or providing access to a service. 

• Because the law requires it (Legal Obligation): Sometimes, we're required by law to use your data in certain ways, such as for keeping financial records or complying with legal requests. 

• When we have a good reason (Legitimate Interests): If we have a fair and necessary reason to use your data, like to improve our services or to ensure our website is secure, we might go ahead. We balance our interests with your rights to ensure your privacy isn't unfairly impacted.

For every piece of personal information we collect and use, we have a clear reason – purpose – for doing so. It's like each time we ask for your data, we need to tell you exactly why we need it and what we're going to do with it. This makes sure that we're always transparent with you and that we use your information responsibly.

But that's not all. Along with telling you why we're using your data (the purpose), we also need to make sure we have a legal right to do it (the legal basis). It's like having both the reason and the permission to use your data in certain ways.

In the table below, we break down exactly what data we may use, what we're doing with your data and why, along with the legal basis for each activity. This way, everything is clear and transparent, and you can feel confident knowing exactly how and why your information is being used. 

Process and Deliver Orders 
Purpose: To process, deliver, and communicate about orders (delivery, collections, issues, preparation) 
Data Categories: Personal Identification Data, Contact Details, Order and Delivery Information 
Legal Basis: Contractual Necessity 

Customer Service 
Purpose: To handle questions, feedback, complaints, improve services 
Data Categories: Personal Identification Data, Contact Details, Payment Information, Order and Delivery Information, Communication and Feedback 
Legal Basis: Contractual Necessity & Legitimate Interests (service improvement) 

Process Payments 
Purpose: To process and verify payments securely with providers (PCI standard) 
Data Categories: Personal Identification Data, Payment Information, Order and Delivery Information, Contact Details 
Legal Basis: Contractual Necessity 

Prevent Fraud and Abuse 
Purpose: To detect and prevent fraud or misuse of services (e.g., payment checks, restrictions) 
Data Categories: Personal Identification Data, Payment Information, Order and Delivery Information, Contact Details, Usage Data, Communication and Feedback 
Legal Basis: Legitimate Interest 

Advertising 
Purpose: To show relevant advertisements online, measure campaigns, identify audiences (via cookies) 
Data Categories: Browser & Device Information, Advertising Data, Usage Data 
Legal Basis: Consent 

Newsletter 
Purpose: To send news, updates, promotions, company insights 
Data Categories: Personal Identification Data, Contact Details 
Legal Basis: Consent 

Market and Product Research 
Purpose: To study product popularity, demand forecasting, model training 
Data Categories: Order and Delivery Details 
Legal Basis: Legitimate Interest 

Legal Obligations 
Purpose: To comply with legal obligations, establish or defend legal claims (e.g., tax retention, recalls) 
Data Categories: Personal Identification Data, Contact Details, Account Log Information, Order and Delivery Information, Payment Information, Communication and Feedback, Usage Data, Advertising Information, Browser & Device Information 
Legal Basis: Legal Obligation & Legitimate Interest 

5. HOW DO WE SHARE DATA WITH OTHERS?

We want you to know that your personal data is in safe hands with us. There are times when we need to share your information with other trusted parties to provide you with our services or to meet our legal obligations. But don't worry, we're very selective about who we share your data with and ensure it's always protected. 

Here's a quick look at who might need access to your data and why: 

• Financial and Legal Partners: This includes banks, insurance companies, and our advisors in financial, tax, legal, and accounting matters. They help us manage our business responsibly and securely. 

• Training and Development Experts: Sometimes, we work with specialists to enhance our team's skills and services, which means sharing information to tailor training programs. 

• IT & Security Service Providers: These are the tech wizards who keep our systems running smoothly and safely. Sharing data with them means you get a better, more secure experience. 

• Corporate Changes: If we're involved in a merger, acquisition, or sale, data might be transferred as part of the business assets, but we'll always keep you in the loop. 

• Distribution Partners: To ensure the products you order reach you quickly and safely, we share necessary details with our distribution partners. This collaboration helps us streamline the delivery process, making sure your products are on their way to you without any hitches. 

And, of course, if the law or public safety requires it, we might need to share information with public authorities or governments. But even then, we'll only share what's absolutely necessary.

Your trust is important to us, so we promise never to sell your personal data or use it for anything like cross-context behavioural advertising. Your privacy is our priority, and we're here to keep your data safe while providing you with our best services. 

6. INTERNATIONAL DATA TRANSFER 

Due to our company’s multinational nature, the data we process about you may be transferred to or accessed by BUNZL, our affiliates, and trusted third parties from different countries around the world. Your personal data may be moved to a country other than where you live if it's needed for the purposes we've mentioned in this Privacy Notice. We're serious about protecting your rights during these transfers. That's why we only send your personal data to places where: 

• The European Commission has decided there's an adequate level of data protection. Please find the list of countries here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en   

• There are strong safeguards in place for transferring your personal data, such as:  

• Standard Contractual Clauses; 

•  Codes of conduct; 

•  Certification mechanisms; 

• Or, if the transfer is allowed under the data protection laws that apply. 

We make these international transfers to continue providing you with the best possible services, no matter where you or we are in the world. You may find the countries we may transfer your data, in appendix 2.

Finding Out More 

We believe in transparency, so we've put together a detailed list of all the processors and partners we work with. This list is regularly updated to reflect any changes, ensuring you have the most current information at your fingertips. You can find this list at the bottom of this page. 

7. WHEN WILL MY DATA BE DELETED? 

We will store your personal data as long as is necessary for the purposes named in this Privacy Notice, especially for the fulfilment of our contractual and legal obligations. We may also store your personal data for other purposes if or as long as the law allows us to store it for particular purposes, including for defense against legal claims. 

If you close your customer account, we will delete all the data we have stored regarding you. If it is not possible or necessary to completely delete your data for legal reasons, the relevant data will be blocked for further processing.

What does blocking mean? 

If data is blocked, restriction of access rights and other technical and organizational measures are used to ensure that only a few employees can access the relevant data. These employees may also only use the blocked data for the above purposes (e.g. for submission to the tax office in the event of a tax audit).

Blocking will occur, for example, in the following cases: 

• Your order and payment details and perhaps other details are generally subject to various legal retention obligations, The law obliges us to retain this data for tax audits and financial audits for strictly specified periods  of time. Only then can we finally delete the relevant data. 

• Even if your data is not subject to any legal retention obligation, we may refrain in the cases allowed by the law from immediate deletion and instead carry out initial blocking. This applies especially in cases where we may need the relevant data for further contractual processing or prosecution or legal defense (e.g. in the event of complaints). The decisive criterion for the duration of the blocking is then the legal limitation period. After the relevant limitation periods expire, the relevant data will finally be deleted. 

8. HOW WE KEEP YOUR PERSONAL DATA SAFE? 

Your privacy and the security of your personal data are of utmost importance to us. We're committed to protecting the information you share with us. To do this, we've put in place a variety of security measures aimed at preventing your personal data from being lost, misused, accessed without permission, changed, or disclosed. 

Here's what we do to keep your data safe: 

• Robust Security Practices: We use state-of-the-art security measures to ensure your data is handled securely. 

• Limited Access: Only staff, agents, and contractors who really need to know your information for business reasons can access it. They're all trained in data protection and understand the importance of keeping your information secure. 

• Ongoing Vigilance: We continuously monitor and update our security practices to tackle new and evolving threats.

We want to remind you, though, that no system is 100% secure. While we do everything we can to protect your data on our end, there's always a risk when data travels over the internet. We encourage you to be mindful of this and take your own precautions to protect your information online. Unfortunately, we can't be responsible for any data breaches that happen outside of our control. 

Remember, your security is a team effort. If you have any questions about how you can help keep your data safe, or if you want to learn more about our security measures, please don't hesitate to get in touch. Your peace of mind is our priority.

9. YOUR RIGHTS 

Under certain circumstances, by law you have the right to: 

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.  

• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. 

• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).  

• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object when we are processing your personal information for direct marketing purposes.  

• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.  

• Request the transfer of your personal information to another party.  

• Right to human intervention. If the personal data is being used to make automated decisions about you as the data subject (e.g., profiling), you have the right to be told what logic the system uses to make those decisions and to be able to request human intervention to override any such automated decisions.  
   

If you submit a data subject request, we will respond within 30 days, unless the complexity or volume of requests necessitates an extension. In such cases, we may extend our response time by up to two additional months and will notify you of this extension and the reasons for it within the initial 30-day period. 

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us.  

Please note that some of these rights are subject to certain limitations or exceptions. Any requests will be assessed on a case-by-case basis. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.  

10. HOW TO CONTACT US? 

If you have any questions or concerns about the processing of your data or the content of this Privacy Notice, please do not hesitate to contact privacy@glolicensing.com. 

Mailing address: 

GLO Brands B.V. 
Rondebeltweg 82  
1329 BG Almere 
The Netherlands  

11. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

If you have any complaints regarding the processing of your personal data, please do not hesitate to contact us at the address indicated in the previous section. 

If you are not satisfied with our response to your complaint, or if you believe that our processing of your data is contrary to the requirements of applicable data protection legislation, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via its website: https://autoriteitpersoonsgegevens.nl.

12. CHANGES TO THIS PRIVACY NOTICE

We reserve the right to update and modify this Privacy Notice to ensure that it accurately reflects changes in our practices and our processing of your personal data.

It is important that the information we hold is accurate and up to date. Please keep us informed of any changes to your information that may occur during the recruitment process.

Last modified: 17 September 2025 

Data Processors and Business Partners

Name: Leadpages 

Detail: Website hosting and landing page builder (Business website) 

Address: 251 N 1st Ave, Suite 200, Minneapolis, MN 55401, USA 

Website: https://www.leadpages.com 

Privacy Notice: https://www.leadpages.com/privacy 

Purpose of Usage: Hosting and operation of business website 

Name: Monday.com 

Detail: CRM / workflow tool to manage contact inquiries from both websites 

Address: 52 Menachem Begin Rd, Tel Aviv 6713701, Israel 

Website: https://monday.com 

Privacy Notice: https://monday.com/l/privacy/privacy-policy 

Purpose of Usage: Storage and follow-up of contact inquiries 

Name: Google LLC 

Detail: Google Analytics 4 (GA4) 

Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA 

Website: https://analytics.google.com 

Privacy Notice: https://policies.google.com/privacy 

Purpose of Usage: Analytics and usage tracking 

DATA TRANSFER - LIST OF THE COUNTRIES 

Country: Israel

Type of Safe Guard: monday.com – Recognized as providing adequate protection by the European Commission. Use of EU Adequacy Decision and SCCs. 

Country: United States 

Type of Safe Guard: Google (GA4) – Use of Standard Contractual Clauses (SCCs); Google’s DPF certification for transfers to U.S. 

Country: United States 

Type of Safe Guard: Leadpages – Use of Standard Contractual Clauses (SCCs); Google’s DPF certification for transfers to U.S.