NESTLÉ POLICY ON THE PROTECTION OF PERSONAL DATA
NESTLÉ POLICY ON THE PROTECTION OF PERSONAL
Effective date: 5/25/2018 Last update : 12/6/2018
Nestlé respects your right to privacy and has not waited for the arrival of the General Data Protection Regulation ("GDPR") to set all the needed technical and organizational measures to guarantee the security of the personal data you transmit to us.
This personal data policy ("the Policy") explains how your personal data is collected, used and possibly transmitted to third parties by the different companies of the Nestlé Group in France ("Nestlé", "we"). It also describes how you can access, update and make choices about how your personal data is used.
It covers both our online and offline data collection activities, including personal data that we collect through our various channels such as our websites, our apps, third-party social networks, our Consumer Services and Customer Relationship Centers, our shops, point-of-sale events and at events organized by our brands. Please be aware that the personal data we collect through a channel (for https://www.vittel.com/ [Vittel]) may in some cases be combined with personal data collected through another channel (for example, an offline event organized by [indicate brand]). Similarly, we may have to aggregate the personal data initially collected by a company of the Nestlé Group in France with those collected by other companies of the group (Nestlé France, Nestlé Purina Petcare France, Cereal Partners France, Nestlé Waters Marketing and Distribution, Herta, Nespresso France...): when this is the case, it allows users of our websites to log in with only one authentication. Refer to Question #9 - "What are your rights and how do you exercise them?" for the procedure to follow if you wish to object.
If we are missing personal data at the time of collection (we will inform you if necessary, for example, by means of clear messages in our registration forms), we may be unable to provide you with our products and/or services.
This Policy provides answers to the following questions:
1 - In which cases Nestlé collect your personal data?
2 - What personnal data do we collect and how?
3 - What is Nestlé's policy on children's personal data?
4 - What uses do we make of your personal data?
5 - Does Nestlé disclose your personal data?
6 - How long will you personal data be kept?
7 - How does Nestlé store and / or transfer your personal data?
8 - What are your rights and how do you exercise them?
9 - What are your choices about how we use your personal data?
10 - Changes to our Policy
11 - Who are the controllers and how do I contact them?
1 - In which cases Nestlé collect your personal data?
The Policy applies to personal data that we collect from you or about you, through the methods described in Question #2 - "What personal data do we collect and how?", from the following sources:
- Websites: the online websites that we operate under our own domain names/URLs and the mini-sites/pages/accounts that we have created on social networks of third parties such as Facebook ("websites").
- Mobile sites/applications: consumer mobile websites or applications operated by Nestlé, such as smartphone applications.
- Email, text and other email messages: This includes electronic communications between you and Nestlé
- Consumer Services and Client Relationship Centers (“CRCs”): any communication on your part with our Consumer Services or our CRCs (e-mails, calls, e-mails).
- Offline registration forms: printed registration forms and other similar forms by which we collect personal data from consumers, by postal mail, during in-store events or as part of other events.
- Advertising interactions: interactions with the banner ads of our brands (for example, if you interact with one of our banner ads on a third-party website, we may receive the information of this interaction).
- Data we create: as part of our interactions with you, we may create data associated with your person (e.g. tracking your online purchases on one of our websites).
- Data from other sources: information about you that we collect through social networks (e.g. Facebook or Google), market research (when the answers are not anonymized), Nestlé's promotional partners, public sources, or when purchasing a company.
2 - What personnal data do we collect and how?
Depending on how you interact and communicate with Nestlé (online, offline, by phone, etc.), we may collect from you different types of information as described below:
- Personal information: this includes any information you provide to us so that we can contact you personally, such as your name, mailing address, e-mail address or telephone number.
- Account login data: the data you need to access your profile on your account. This may be your username/e-mail address, password and/or your security question and answer.
- Demographic information and interests: that is information about your demographic or behavioral characteristics. This includes for example your date of birth, your age, where you live (e.g. your zip code), your favorite products, hobbies and interests as well as information about your home and lifestyle.
- Technical information on your computer/mobile device: information about your computer system or any other technological device that you use to access one or more of our websites or applications, such as the Internet Protocol (IP) address used to connect your computer or device to the Internet, the type of operating system, and the type and version of your web browser. If you access a Nestlé website or application from a mobile device such as a smartphone, the information collected will include, where permitted, your phone’s unique identifier, advertising identifier, geolocation and other similar mobile device data.
- Website usage/interaction information: when you browse and interact with our websites or newsletters, we use automatic data collection technologies to collect certain information about your actions. This includes information such as the links you click on, the pages or content you view and for how long, and other similar information, as well as statistics about your interactions such as content response times, download errors, and how long certain pages visit. This information is captured using automated technologies such as cookies (browser cookies, flash cookies) and web beacons, and is also collected using third-party tracking devices. You have the right to oppose the use of these technologies; For more information on this subject, please consult our "Nestlé Cookie Policy".
- Market research and feedback from consumers: this includes information you consent to share with us about your experience as a user of our products and services.
- Consumer-generated content: this refers to any content you create and share with us on third-party social networks or by posting it on one of our websites or applications, including using third-party social networking applications such as Facebook. This includes photos, videos, personal stories or other similar content or media. If you have accepted it, we collect and publish the content generated by you in the course of various activities, such as games or other promotional activities, the community functions of the website, the opinions and comments of consumers and the presence on third party social networks.
- Financial and payment data: any information we need to honor an order, or that you use to make a purchase, such as your credit card information (card holder name, card number, expiration date, etc.) or information about other payment methods (if available). In all cases, we or our payment processor(s) manage and process financial and payment data in accordance with applicable regulations and security standards, such as the security standard of the payment card industry.
- Calls to Consumer Services/Customer Relationship Centers: your communications with our Consumer Services or a CRC can be recorded or listened to for quality control or staff training purposes. You will be notified of this recording at the beginning of your call. Credit card information is not saved.
- Sensitive Personal Data: we have no reason to collect or process sensitive personal data (e.g. health data) as part of our ongoing business activities. If we were required to do so for the purpose of sending marketing or medical communications, we would do so in strict compliance with the provisions of the GDPR relating to processing of particular categories of data, and in particular only with your explicit consent for specific and legitimate purposes pursued by Nestlé.
3 - What is Nestlé's policy on children's personal data?
We believe it is extremely important to protect the privacy of children accessing the Internet and encourage parents or guardians to spend time with them to participate in and manage their online activities.
Make sure that your children do not give your personal data over the Internet without first asking for your permission.
On some of our websites (especially our online trading websites) the creation of an account is reserved for adults.
We do not collect personal data from children under the age of 13. If we realize that we have accidentally collected personal data from children under the age of 13, we will erase them from our databases as soon as we become aware of it.
The only exception concerns the collection of personal data of children under 13 years of age directly through a parent or guardian, with their explicit consent. You can at any time verify, modify, delete your child's personal data. You can also request the deletion of your child's data by sending the request by mail to the address given in the contacts indicated in Question No 8 - "What what are your rights and how do you exercise them?".
4 - What uses do we make of your personal data?
In the table below you will find a list of the purposes Nestlé pursues in collecting and processing your personal data and the different types of personal data that are collected for each purpose. Please note that some people may not be affected by some of the uses listed below.
What uses ? |
Principles underlying this use |
Our legitimate interests |
Consumer Services and/or Customer Relationship Center: we use your personal data to respond to your requests. This means knowing certain personal details and information relating to the nature of your request (status of an order, technical problem, question/claim on a product, general question, etc.). |
- Fulfilling our contractual obligations contractuelles |
- Improve and develop new products and services |
Marketing communications, games, contests and other promotions: with your consent (where necessary), we use your personal data to provide you with information about our products or services (for example, in the context of marketing or promotional communications/campaigns). We can do this through, for example, advertisements, e-mails, text messages, telephone calls and postal mail, to the extent permitted by applicable law. Some of our campaigns and promotions are carried out on third party websites and/or social networks. This use of your personal data is the result of a voluntary process on your part, which means that you may object to the processing of your personal data for these purposes. For detailed information on how to change your marketing communications preferences, please refer to Questions 8 - "What are your rights and how do you exercise them?" and 9 - "What are your choices about how we use your personal data?". To find out more about our games, contests and other promotions, please refer to the rules and information accompanying each game, contest or promotion. |
-Your consent (when necessary) |
- Find out which of our products and services may interest you and tell you about them |
Third-party social networks: we use your personal data when you use third-party social network functions, such as the "Like" function, to provide you with advertisements and to interact with you on these third-party social networks. To learn more about how these functions work, the profile data we obtain about you and the procedure for refusing this use of your personal data, you should read the privacy policies of the third party social networks concerned. |
- Your consent (when necessary) |
- Find out which of our products and services may interest you and tell you about them |
Customization (offline and online): with your consent, we use your personal data (i) to analyze your preferences and habits; (ii) to anticipate your needs based on our analysis of your profile; (iii) to improve and personalize your experience on our websites and applications; (iv) to ensure that content from our websites or applications is the most appropriate for you and your computer or device; (v) to provide you with targeted advertising and content; and (vi) to enable you to participate in interactive activities, when you wish. For example, we store your login/email address or pseudonym so that you can quickly log in during your next session or so that you can easily find the items previously placed in your cart. On the basis of this type of information, and with your consent, we also show you Nestlé content or promotions tailored to your interests. This use of your personal data is the result of a voluntary process on your part, which means that you can oppose the processing of your personal data for this purpose. For details on how to opt out, see Question #9 - "What are your choices about how we use your personal data?". |
- Your consent (when necessary) |
- Find out which of our products and services may interest you and tell you about them |
Order Processing: we use your personal data to process and ship your orders, inform you of the status of your orders, verify that we have the correct addresses, verify your identity and carry out other anti-fraud checks. This involves using certain personal data and payment information. |
- Fulfilling our contractual obligations |
- Improve and develop new products and services |
Other general uses (internal or market research, analysis, security, etc.): In accordance with the laws in force, we use your personal data for other general commercial purposes, including conducting internal or market studies and measuring the effectiveness of our advertising campaigns. If you have multiple Club Member accounts for Nestlé brands, we reserve the right to reconcile these accounts into one account. We also use your personal data to ensure the security of our operating systems, networks and security systems.. |
- Fulfilling our contractual obligations |
- Improve and develop new products and services |
Legal grounds or merger/acquisition: in the event that Nestlé or its assets are acquired by, or merged with, another company, including in the event of bankruptcy, we will share your personal data with any of our legal successors. We will also disclose your personal data to third parties (i) where required by law; (ii) in response to legal proceedings; (iii) in response to a request from a law enforcement agency; (iv) to protect our rights, confidentiality, security or property, or the public; or (v) to apply the terms of any agreement or the terms of use of our website. |
- Legal obligations |
- Protect our assets and personnel
|
5 - Does Nestlé disclose your personal data?
In addition to the legal entities of the Nestlé Group mentioned in Question n°11 - "Who are the controllers and how to contact them?", we may share your personal data with different groups of third-party companies:
Service providers: these are external companies that we ask to help us carry out our activities (order fulfillment, payment processing, anti-fraud detection, identity verification, website operation, market research, support services, promotion management, website development, data analyzes, consumer and/or customer services, etc.). These service providers, and certain members of their staff, are authorized to use your personal data on our behalf only for the specific tasks for which they have been requested, in accordance with our instructions, and are required to protect the confidentiality and security of your personal data. When required by law, you can obtain a list of providers processing your personal data (see Question No. 11 - "Who are the controllers and how do I contact them?").
Credit assessment/recovery agencies: within the limits set by law, credit bureaus and debt collection agencies are external companies that we solicit to help us verify your solvency (especially for orders with invoices) or to recover claims resulting from unpaid invoices.
Third-party companies using personal data for their own marketing purposes: except in cases where you have given your consent, we do not sell your personal data to third parties for their own marketing purposes. If so, the identity of these third-party companies will be disclosed at the time your consent is sought.
Third party recipients using personal data for legal reasons or as a result of a merger/acquisition: we will disclose your personal data to third parties for legal reasons or as part of an acquisition or merger (see Question #4 - "What uses do we make of your personal data?" for more information).
6 - How long will you personal data be kept?
Your personal data will be retained by Nestlé only for such time as is reasonably necessary for the purposes described in this Policy. The criteria we use to determine the retention periods of your personal data are as follows:
1 - Nestlé will keep your personal data in a form that allows you to identify yourself during the duration of your participation in one or more of our loyalty programs, or during the duration of your membership in one of our online services. They can then be stored and processed for 3 years after the last contact on your part, to allow us to send you marketing or commercial solicitations.
2 - However, your personal data may be retained for longer under specific legal obligations or within the applicable legal limitation periods. For example, data will be retained for:
- 6 years for tax documents;
- 10 years for accounting records;
- All the duration of the litigation and until the exhaustion of the remedies.
3 - Personal data used to provide you with a personalized experience (see Question #4 - "What uses do we make of your personal data?" for more details) will be retained for the duration permitted by applicable laws.
In addition to the retention periods mentioned above, your personal data will either be securely deleted from all Nestlé databases or anonymized.
7 - How does Nestlé store and / or transfer your personal data?
We use all necessary technical and organizational measures to guarantee the confidentiality and security of your personal data. Please be aware, however, that these measures do not apply to the information you choose to share on public spaces, particularly on third-party social networks.
Persons with access to your personal data: your personal data will be processed by our dedicated personnel or service providers, and only for the purposes described to you when your personal data has been collected (for example, our personnel dealing with consumer services or customer relations issues will only have access to your file corresponding to this purpose).
Actions taken in operating environments: we store your personal data in operating environments where appropriate security measures are implemented to prevent unauthorized access. We comply with applicable standards to protect your personal data. The transmission of information via the Internet can unfortunately not be completely secure, and although we make every effort to protect your personal data, we cannot guarantee the security of your data during transmission via our websites or our applications.
What we expect from you: you too have a key role to play in ensuring the security of your personal data. When creating an online account, make sure you choose a password that is difficult to guess and never tell anyone about your password. It is your responsibility to protect the confidentiality of this password and you are responsible for your use of your account, whatever it may be. If you are using a shared or public computer, make sure that the option to remember the login, email address, or password is never checked, and make sure you always log out of your account whenever you walk away from the computer. You must also use the privacy settings or controls that we make available to you on our website or application.
Transfer of your personal data: the storage and processing of your personal data requires that your personal data be, at some point, transferred to, and stored in a country other than the one where you reside. We may also transfer your personal data to countries outside the European Economic Area (EEA), for example to other legal entities of the Nestlé Group or ad hoc partners, including to countries whose standards for the protection of personal data differ from those applied in the EEA. In this case, we (i) have put in place "standard contractual clauses" approved by the European Commission to protect your personal data (and you have the right to request a copy of these clauses, by contacting us at the contact details given below) and/or we (ii) will rely on your consent.
8 - What are your rights and how do you exercise them?
Access to your personal data: you, your descendants, representatives and/or agents have the right to access, consult and request a physical or electronic copy of the information we hold about you. You also have the right to request information on the origin of your personal data.
You may exercise these rights:
- by mail :
Service Consommateurs Nestlé
NESTLE WATERS FRANCE
Service Conseils Consommateurs
34-40 rue Guynemer
92130 Issy les Moulineaux
- by telephone by calling our Consumer Service at 0806 800 125 (free Service + call price)
- by Internet : https://www.nestle-waters.fr/info/service-consommateurs
We will ask you to attach a copy of your identity document or other identification to your application. If the application is submitted by someone other than you, without proof that the application is legally formulated on your behalf, the application will be rejected.
Please be aware that any identification information provided to us will be processed only in accordance with, and to the extent permitted by, applicable laws.
Other rights (e.g. modification or deletion of personal data): you, your descendants, representatives and/or agents may (i) request the deletion, portability, correction or modification of your personal data; (ii) oppose data processing; (iii) limit the use and disclosure of your personal data; and (iv) withdraw your consent to any of our activities for processing your personal data.
Please note that in some cases, the deletion of your personal data will necessarily involve the deletion of your user account. We may also be required to retain some of your personal data, after your deletion request, in order to fulfill our legal or contractual obligations (see Question n°6 - "How long will your personal data be kept?").
Where possible, our websites include a dedicated feature allowing you to view and modify the personal data you have provided to us. Be aware that before you can access or change your account information, people registered on a website must prove their identity (for example, by giving their login/email address, password); this is to prevent unauthorized access to an account.
We hope to be able to answer any questions and queries you may have regarding how we process your personal data. However, if we fail to allay all your fears, you also have the right to lodge a complaint with the CNIL (https://www.cnil.fr/fr/plaintes).
9 - What are your choices about how we use your personal data?
We are committed to enabling you to make the most informed choices possible, with regard to the personal data you provide to us. The following mechanisms give you control over your personal data:
Cookies/similar technologies: you manage your consent through (i) our consent management solution or (ii) your browser to decide whether to allow or refuse the use of any or all of the cookies/similar technologies, or whether to be alerted when similar cookies/technologies are used. Please consult our "Nestlé Cookie Policy" to find out more.
Advertising, marketing and promotions: If you would like your personal data to be used by Nestlé to send you promotional communications about our products or services, you can indicate this by checking the corresponding box(s) in the online registration form, or by answering the question(s) asked about this by our Consumer Services and Customer Relationship Centers, our shop representatives, our sales demonstrators during point-of-sale events or at events organized by our brands. If you no longer wish to receive these promotional communications, you may unsubscribe from marketing communications at any time, following the instructions provided in each of these communications. An unsubscribe link is at the bottom of any marketing communication you receive from Nestlé. At any time, you may request that you no longer receive marketing communications from any media outlet. To do this, contact our Consumer Services or Customer Relationship Centers, or log in to the third-party websites, apps or social networks in question and change your user preferences in your account profile by clearing the appropriate boxes. Be aware that even if you refuse to receive marketing communications, you may receive administrative communications from us, such as order confirmations or other transactions, notifications about your account activities (account confirmations, password changes, etc.), and other important non-marketing information, if you are a customer of one of our online sales websites.
Customization (offline and online): If you would like your personal data to be used by Nestlé to provide you with a personalized experience/targeted advertisements and content, you can indicate this by checking the corresponding box(s) in the registration form or by answering the question(s) asked by our Consumer Services and Customer Relationship Centers, our store representatives, our sales demonstrators during point-of-sale events or at events organized by our markings. You can request at any time not to benefit from this customization. To do this, contact our Consumer Services or our Customer Relationship Centers, or log in to websites or apps and change your user preferences in your account profile by clearing the corresponding check boxes.
Targeted advertising: We may partner with advertisers who display banner ads on the Internet for one of our brands or brands of companies outside the Nestlé Group. These banner ads are targeted at your interests, based on information collected from Nestlé websites or third parties. You can visit www.aboutads.info/choices to learn more about this type of targeted advertising, and how you can block these "opt-out" advertisements for companies participating in the Digital Advertising Alliance (DAA) self-regulatory program. You can also download this DAA app to your mobile device to block these targeted ads. We also remind you that you can block the collection of geolocation data at any time by changing the settings on your mobile device.
10 - Change to our Policy
If there is a change in the way we manage and process your personal data, we will update this Policy. We reserve the right to change our practices and this Policy at any time. Please check our Policy regularly for updates or changes.
11 - Who are the controllers and how do I contact them?
If you have any questions or concerns about this Privacy Policy and our practices, or if you have any concerns about non-compliance with applicable privacy laws, you may contact our Data Protection Officer by e-mail at: protection-des-donnees@fr.nestle.com
We will process and review any claims relating to the way We manage your personal data (including a claim that we have violated your rights under applicable privacy laws).
Processing Lead |
Head of |
Nestlé Waters Marketing & Distribution |
All activities |