Danone UK Privacy statement

This Privacy Statement explains how Danone collects and manages your personal data as a Data Controller. It contains information on who we are and how and why we collect, store, use and share your personal data. They also explain your rights and how to contact us or the supervisory authority in the event you have any concerns we are unable to address.

At Danone, we are committed to protecting your right to privacy. We aim to protect any personal data we hold, to manage your personal data in a responsible way and to be transparent in our practices. Your trust is important to us. We have therefore committed ourselves to the following basic principles:

• You have no obligation to provide any personal data requested by us. However, if you choose not to provide any personal data requested by us, we may not be able to provide you with some services or products. You will be informed of this at the time of collection.
• We only collect and process your data for the purposes set out in this Privacy Statement or for specific purposes that we share with you and/or that you have consented to. 
• We aim to collect, process and use as little personal data as possible.
• When we do collect your personal data, we aim to keep it as accurate and up to date as possible.
• If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it. 
• Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement.

Our Privacy Notice applies to the personal data we collect, use, share or otherwise process through our online and offline business activities relating to our Aptamil brand, including:

·       our website;

·       our official social media pages;

·       our e-mails;

·       our apps;

·       our online and offline campaigns and events; and

·       your conversations or correspondence with our representatives.

The e-commerce section of our website is provided by our authorised seller Trojan Electronics 2018 Limited (“Trojan”). Please refer to the below table and section 2(b) for more information on our relationship with Trojan, and how your personal data is processed.

Relationship structure with regard to the eCommerce Website

This Privacy Statement describes the following important topics relating to your personal data (you can click each link to find out more). Each topic also comes with a handy summary (“Essentials”), which is intended as a guide to help you easily find information that is most relevant to you.

1. Who are we? 

2. What personal data do we collect and how? 

a. visitors to our websites and users of our apps and services; 

b. Online purchases via our e-commerce site (customers and prospective customers); 

c. people who contact us with enquiries (e.g. via our consumer contact centres); 

d. attendees or prospective attendees at Danone-related events; 

e. people we interact with during the course of business who do not fall within any of the above categories (other than suppliers); or

f. people whose personal data we collect indirectly. 

3. The purpose and legal basis for collecting and using personal data

4. Profiling and automated decision-making 

5. Links to other websites 

6. Social media and other User Generated Content 

7. Children’s personal data 

8. Sharing your personal data with third parties 

9. Sharing your personal data internationally 

10. How we protect your personal data 

11. How long we store your personal data 

12. Your rights 

13. How to contact us 

14. Changes to our Privacy Statement 

Essentials: Nutricia Limited t/a Danone UK is responsible for the processing of your personal data in the United Kingdom.

UK Residents

Nutricia Limited t/a Danone UK is responsible for the personal data that you share with us. When we say “Danone”, “us”, “our” or “we”, we are referring to Nutricia Limited t/a Danone UK. In accordance with the UK Data Protection Act 2018 and the UK General Data Protection Regulations (the “UK GDPR”), when we collect or process your personal data, we are responsible as the “data controller”.  

Nutricia Limited t/a Danone UK

Newmarket House, Newmarket Avenue, White Horse Business Park, Trowbridge, Wiltshire, BA14 0XQ

Nutricia Limited is a subsidiary of Danone SA. If you would like to know more about Danone and its products or services, please visit https://www.danone.co.uk.

EEA Data Representative

Danone SA is our data representative for any EEA-based data subjects visiting our co.uk based websites and will act as a point of contact for EEA data subjects and supervisory authorities.

Danone SA

Data Protection Office, Danone SA, 17 Boulevard Haussmann, 75009, Paris, France

Essentials: The personal data we collect come directly from you, from partners or affiliates and from cookies and similar technologies. We usually only collect and use basic information such as your contact details (name, email address etc.), communications with us (by phone, chat etc.), information regarding your interaction with our marketing initiatives, websites and products and your interests and preferences.

By personal data, we refer to any information about a person from which that person can be identified. This does not include data for which the identity has been erased (known as anonymous data).

The personal data we collect varies depending on our relationship with you; the purpose of the collection; and the product or service we are providing to you.

For further details on the personal data that we collect, please see the section(s) below that best describes our relationship with you.

We will collect your personal data directly from you. You may give us personal data about yourself by:

• visiting our websites or apps;
• creating an account with us;
• ordering products or services from us;
• registering to receive our newsletters or communications (including marketing messages) by any means (e.g. email, SMS, phone, WhatsApp, instant messaging, etc.);
• entering or participating in a survey, research activity, game, contest or competition run by us or third parties on our behalf;
• submitting an enquiry or request to us or contacting us by phone, email or other means;
• filling in our forms (both online and offline);
• registering for an event, congress or seminar (online or offline) or contacting us in relation to an event, congress or seminar; or
• engaging (for example posting or commenting) on our social media pages (such as Facebook, Instagram, TikTok or LinkedIn) or engaging with our other digital media communications.

Some of your personal data is also collected via cookies and similar tracking technologies, see our Cookie Statement for further details on this.

Depending on our relationship with you, we may collect and use your personal data in different ways and may aggregate your personal data from different sources to present a comprehensive view of your interactions with us (for example from our website, an offline event you attended or via our social media engagement). By aggregating this data, Danone can get a full picture of your preferences and interactions, which helps us tailor our services and communications to better meet your needs. This holistic approach ensures that we can provide a more personalised and effective customer experience.

While we collect most of your personal information directly from you, we may also collect personal data about you from third parties such as:

• our trusted business partners, including marketing agencies, market research companies, companies that co-sponsor our promotions or competitions, retailers.
• family, friends and others who provide your personal data to us because you have consented to, or they think you may be interested in our products and services, or they want to share a product or service with you;  
• other third parties such as media providers/owners, public and third-party websites, advertising platforms, or depending on your privacy settings for social media services, we may also collect information from social media platforms and our suppliers or our group companies (referred to in this Privacy Statement as "third parties" or "suppliers"). 

Statistical modelling

When you browse and interact with our websites, we may also collect aggregated and non-identifying information such as device type, time of the day, country, browser type, page URL and conversion type, which is a metric that identifies an action a user has taken on a website (i.e., making a purchase, registering for an event, or subscribing to a newsletter).

We use these anonymised data to build statistical models, allowing us to infer the impact of our ads on users’ actions, such as purchases, while respecting your privacy.

This helps us refine our advertisements to make them more relevant to our consumers, thereby enhancing their experience on our websites. It is important to underscore that this method of gathering information does not, under any circumstances, enable users’ identification.

We, or third parties on our behalf, may collect and use information about you such as the following:

1. personal contact data, such as your name, email address, physical address and telephone number(s);
2. account login details, such as your user ID, email username, password and photo;
3. communication data between you and us, which may include details of our conversations via LiveChat and contact forms available on our websites and/or apps;
4.  social media or 3^rd party account profile information where you use your social media or 3^rd party account to create an account and login or where you share this with us;
5. where you submit content to our websites and/or apps (such as a personal testimonial or review);
6. health data where you provide this to us – please also see the "Special categories of data" section below;
7. your entry into a survey, game, contest, promotion or competition (including the entry itself, which may include audio or visual information such as your likeness in a video or photo, a comment or answer to a question);
8. any information you provide to us when signing-up for, or as a member of, any clubs, communities or schemes offered by us;
9. maternal information about yourself and age range of your child so that we may comply with infant formula legal and regulatory obligations in the UK;
10. your preferences in receiving marketing from us and our third parties and your communication preferences;
11. your email subscription preferences;
12. demographic information and interests, such as your age, gender, preferred products and lifestyle preferences. Lifestyle preferences may include your preferences for some of the products or services we offer, and your interests related to those products or services. We may also infer certain preferences and interests about you based on your browsing habits, your purchase history, your feedback and responses to surveys or market research, and your demographic information;
13.  information about people other than you, such as personal data about your family members, when you provide such information directly to us;
14.  where we are able to collect this, information about how you engage with our messages and communications (e.g. emails, SMS, instant messages) including whether they are delivered to you, whether you open them, links you click in them and whether you unsubscribe to them;
15.  any updates to personal data provided to us; and
16.  personal data created and recorded as you use our websites, apps and/or services, including:

i. technical information– this includes the Internet Protocol (IP) address used to connect your device to the internet address; the type of device you use; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; and platform; and

ii.  information about your visit and your behaviour on our websites and/or apps (such as the pages that you click on) – this may include time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs, information shared with others, including through email and social media), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads.  

The e-commerce section of our website is provided by our authorised seller Trojan Electronics 2018 Limited (“Trojan”).

We, or third parties on our behalf, may collect and use some information about you such as the following:

1. the personal data in relation to visitors to our websites and users of our apps and services as set out in the section above
2. order information and shipping data, such as your name, email address, postal address and telephone numbers
3. information about what products you have purchased from us and products you have added to your basket
4. Note that although you may submit payment information such as credit card details in connection with making a purchase, Danone or Trojan does not collect or store your payment information.  If you choose to make an online purchase from Trojan, you may be given the option to make payment directly through a third-party payment provider used by Danone.  We do not control, review or store your payment information when you engage in a payment transaction with Trojan.

We, or third parties on our behalf, may collect and use some information about you such as the following:

a.    your name including your title;

b.     your address;

c.     your email address;

d.     your telephone number (and recordings when you call our consumer line);

e.     your date of birth;

f.      your contact preferences;

g.     information provided when you correspond with us (such as via our care lines and/or customer service lines or social media) which may include call recordings if you call us directly – to the extent this includes information about your health, please see the "Special categories of data" section below;

h.     information about people other than you, such as personal data about your family members, when you provide such information directly to us; and

i.      any updates to information provided to us.

We, or third parties on our behalf, may collect and use some information about you when registering or attending Danone-related events (including trainings and e-learnings), including the following:

a.    personal contact data such as your name, your email address, physical address and telephone number(s) social media handles, language of communication;

b.     maternal information about yourself and age range of your child so that we may comply with infant formula legal and regulatory obligations in the UK;

c.     any information you provide in respect of the event itself (such as providing feedback, answering surveys, participating in competitions or games, recordings or interviews or pictures during of the event and/ or any content you submit as part of the event (e.g. if you ask a question);

d.     your travel and accommodation details; or

e.     any dietary, accessibility or other requirements (where applicable). To the extent this includes information about your health, please see the "Special categories of data" section below; and

f.      in certain cases, your professional contact data, such as your title, name, email address, physical address, telephone number(s), social media handles, language of communication; your employment details (such as job title, organization, any other position you may hold) where you are attending on behalf of your employer; and your field of expertise in which you are active, your professional qualifications and activities, and professional details such as data related to your educational/professional employment history.

When Danone interacts with you in your capacity as an external stakeholder who does not fall within any of the above categories, such as where you are a representative of one of our clients, an agent of an industry or peer company, a scientist, a health care professional, an academic, a representative of a non-governmental or consumer organization, a politician, a policy-maker, a regulator, an investor, an extra-financial rating agencies, a journalist, a trade associations representative, etc., we, or third parties on our behalf, may collect and use the following information about you:

a.    professional contact data, such as your title, name, email address, physical address, telephone number(s), social media handles, language of communication;

b.     your employment details (job title, organization, any other position you may hold) and/or political party affiliation (only when it has been manifestly made public by you);

c.     the field of expertise in which you are active, your professional qualifications and activities, and professional details such as data related to your educational/professional employment history; and

d.     any other information that you provide to us during our interactions with you.

e.     If you are, or act for, a supplier of Danone, this Privacy Statement does not apply to you. The appropriate privacy statement will be made available to you separately.

We may also collect personal data about you from other sources such as:

a.    when you search for our products and services and when you share content on social media pages, websites or apps related to our products, services or a Danone-related event, or in response to our promotional material on social media or activities such as blogs, videos, internet postings and user generated content.

b.     personal data from other public sources (e.g. comments on other websites than ours) that mention Danone or ones of its brands. We may also collect publicly available data about you in your capacity as a public figure for business objective purposes.

c.      when you open or click on a link in an email one of our third parties have sent to you on our behalf. This allows us to see how well our communications with you are performing.

d.     personal data provided to us by media providers and retailers, such as your purchasing history data and your loyalty card profile.

e.     your insights data is provided to us by third parties (i.e. consumer research organisations, media providers, marketing technology or advertising technology solutions), such as your demographic data (e.g. age, parental status), your location, your interests and your purchase intent, purchase behaviour or consumer and market research data. Some of this data may have been collected from the use of cookies and other similar tracking technologies.    

f.      We may also collect personal data from our trusted business partners, credit reference agencies or other members of the Danone group.

In principle Danone does not seek to process sensitive data relating to you. However, some of the personal data that we collect about you or which you provide to us may be special categories of data, often relating to health and wellbeing which may pertain to you and/or your baby, when you provide this information to us.

We will only collect and process this type of data if you give your explicit consent to do so, or in any other circumstances permitted by law (such as defence of legal claims or in order to comply with our legal and regulatory obligations in relation to the promotion and marketing of infant food & milk products). 

Essentials: Your personal data is collected and used for purposes such as performing our agreement with you (e.g. processing orders and payments), responding to your enquiries, personalising your experience with our services and marketing our products and services (e.g. building customer profiles, evaluating marketing campaign effectiveness), improving our products, services and processes, and complying with legal obligations or defending our rights. The reason we process your personal data depends on the precise purpose, but can be based on the agreement with you, based on Danone’s legitimate interests (see detail in the explanation) or based on Danone’s own legal obligations.

The table below shows the purposes for which we collect and use your personal data, as well as the legal bases for our use of that data. Further information on our legal bases is set out below the table.

Please note that not all of the uses below will be relevant to every individual:

When we collect and use your personal data for new purposes, we will inform you before or at the time of collection (and ask for your consent when required) unless we reasonably consider that this purpose is compatible with the original one as detailed above.

LEGAL BASES

We consider that the legal bases for using your personal data as set out in this Privacy Statement are as follows:

a.    Contractual necessity: our use of your personal data is necessary to perform our obligations under any contract with you or to take steps prior to entering a contract with you.

b.     Compliance with legal obligations: our use of your personal data is necessary for complying with our legal obligations.

c.     Legitimate Interests: our use of your personal data is necessary for our legitimate interests or the legitimate interests of others. Our legitimate interests might include the following:

                                               i.     running, growing and developing our business;

                                              ii.     operating and ensuring the security of our websites and apps;

                                            iii.     ensuring a safe working environment for our staff and visitors;

                                            iv.     marketing, market research and business development;

                                             v.     providing services to our customers;

                                            vi.     placing, tracking and ensuring fulfilment of orders with our suppliers;

                                           vii.     investing in and rolling out new products to benefit the communities in which we operate;

                                         viii.     for internal group administrative purposes; and

                                            ix.     for online targeting or retargeting marketing purposes. We do this by creating profiles and lookalike audiences of people that may share characteristics, interests and preferences similar to you for the purposes of showing these audiences online advertising of our products or services that they are likely to be interested in, unless you have told us that you would rather not have your data used in this way.

More information on how your personal data is used and how to opt out is explained below in the "Profiling and automated decision making" section of this Privacy Statement below.

Whenever we collect and use your personal data on the legal basis of legitimate interests, we take care to ensure that it does not outweigh your privacy rights as an individual or have a significant privacy impact.

d.     Consent: We may process your personal data on the basis of your consent. Where you have given consent, but you later change your mind, you may withdraw your consent by contacting us and we will stop doing processing your personal data in this way. However, if you withdraw your consent, this may impact our ability to provide our products and associated services to you.

OPTING OUT OF MARKETING-RELATED COMMUNICATIONS

As described above, we may use your personal data to send you communications that may be of interest to you and/or information about our products or services, including updates, exclusive offers, promotions or new services or products.

Where legally required or where it is appropriate, we will ask for your consent to process your personal data for promotional or marketing-related purposes. We usually do this via an untick-box(es) located at our data collection points (e.g on registration or sign up pages) or via our customer service representatives by answering the question(s) posed to you.

If you would prefer not to receive marketing-related communications from us or from our third parties operating on our behalf, you can ask us or our third parties to stop sending you these communications at any time by following the unsubscribe links in our marketing-related communications or by contacting us at any time. If you have an account with us, you can also update your marketing preferences in your profile at any time.

You have the right to withdraw your consent at any time by informing us of your decision. If you wish to withdraw your consent, please see the “Your Rights” section of this Privacy Statement below.

Where you chose to opt out of receiving these marketing-related communications, please note that, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions where you may still receive service-related communications, such as an order update or notifications about your account (e.g. account confirmations, password changes, etc.), and other important non-marketing related communications.

Essentials: We may use your information to create profiles to personalize our services and communications for you, and to show you relevant ads, sometimes using automated means.  When doing so, we ensure to comply within the frame of applicable legal requirements.

We may analyse information about you in order to create profiles (e.g. by compiling individuals into groups that we believe to have certain common characteristics) for online advertising or retargeting purposes. We use these profiles to personalize our websites, apps, services or products, as well as our communications to you (e.g. by sending/displaying content that may be relevant and useful to you, subject to applicable data protection and e-privacy laws).

We may also use your personal data to create lookalike audiences of people that may share characteristics, interests and preferences similar to you for the purposes of showing these audiences online advertising of our products or services that they are likely to be interested in.

We may also use these insights to display relevant advertising to you either on our websites or apps, or via third-party websites.  

Where we do this, we will inform you via our Privacy Statement and you will have an opportunity to object to these processes, please see the “Your Rights” section of this Privacy Statement below.

We will also obtain your consent where this is required by law, for instance where information about you is collected via certain types of cookies that we use – please see our Cookie Statement for further details on our use of cookies. Please contact us for further information on this type of processing.

For some services and products, we may process your personal data using automated means such as using a chatbot. Essentially this means that decisions are taken automatically without human intervention. We will not make decisions based solely on automated decision making to the extent that they have a legal effect or significant impact on you without first notifying you and providing you with clear information about any such automated decision-making, including our lawful basis for carrying it out and the ability to have a human intervention for reviewing the decision.

You can contact us for further information on such processing or to opt out.

Essentials: Our websites and apps may include links to third-party sites, plug-ins, or apps for your convenience. We do not control or endorse these third-party sites and recommend that you review the privacy policies of third-party websites before sharing your personal data.

Our websites and apps may contain hyperlinks to third party websites, plug-ins or applications that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. 

This Privacy Statement only applies to the personal data that we collect or which we receive from third party sources and over which we act as a data controller, and we cannot be held responsible for personal data about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal data to these websites. 

We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.

Essentials: When you post content on our websites or social media pages, it can be seen and shared by the public. Be cautious when sharing your personal data online.

Some of our websites and apps allow users to submit their own content. Please remember that any content submitted on our product/brand page(s) on social media platforms can be viewed by the public and reposted, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our product/brand page(s) on social media platforms. We reserve the right to delete user generated content that doesn’t comply with the relevant terms & conditions.

Essentials: We take care not to process the personal data of children without specific safeguards, such as parental or legal guardian consent where required.

Most of our websites are designed and intended for use by adults. Where one of our websites is intended for use by a younger audience, we understand the importance of taking extra precautions to protect the privacy and safety of children.

If our websites are ever intended for young audiences, we will in all cases respect our external commitments on responsible marketing, and we will ensure that before we collect personal data, consent is validly obtained from the parent(s) or legal guardian(s) to the extent that this is required by applicable laws and regulations (the age at which this is necessary varies from country to country).

If we discover that we have collected personal data from a child without consent from a parent or legal guardian where such consent should have been obtained, we will delete that personal data as soon as practical. 

Essentials: Subject to adequate safeguards, your personal data may be shared, depending on the purposes of processing, with affiliates, third-party service providers and subcontractors, advertising partners and social media platforms (e.g. when you click on a “Like” or “Share” button), business transfer recipients (e.g. in the event of an acquisition) and legal disclosure recipients (such as authorities, but only where they are legally entitled to demand access).

When we share your personal data with Danone affiliates and other organisations, we make sure we only do so with organisations that safeguard and protect your personal data and comply with applicable privacy laws in the same or similar way that we do.

Your personal data will never be sold or rented. We may, however, share or disclose your personal data as described in this Privacy Statement.

Your personal data will be shared with the following third parties for the purposes described:

a.    Other Danone companies/affiliates: Where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of products to our customers, corporate strategy, merger and acquisition operations, compliance, auditing and monitoring, research and development and quality assurance).

b.     Trusted Third party service providers and subcontractors: Including those which:

a.    work on our behalf, to assist us to carry out your requests, respond to your inquiries, allow personalised conversations with our consumer contact centre teams, fulfil your request, honour coupons, provide you with samples, enable you to participate in sweepstakes, promotions and competitions, such as logistics providers, sponsors and customer support providers, marketing agencies, market research companies, e-commerce fulfilment partners, software, data hosting and other IT service providers, merchants selling Danone products, call centres, payment processors, etc. These third-party service providers are required not to use your personal data other than to provide the services requested by us or otherwise in accordance with our instructions.

b.     perform core information technology and other business-related services, such as website/app development providers, cloud hosting providers, management and evaluation service providers, data analysts, payment processors, utility providers, insurers;

c.     assist in the organization of our events, marketing, advertising and promotional activities and facilitation of surveys, market research, sourcing testimonials, reviews and feedback such as marketing & design agencies, research agencies, events management agencies and events management platforms such as Eventbrite, Inc; or

d.     provide analytics and optimization services relating to our websites and apps.

c.     Social media platforms: When our web pages use social plug-ins from these businesses (such as the “Like" and "Share" buttons). These other businesses may receive and use personal data about your visit to our sites or apps. If you browse our website or view content on our apps, personal data they collect may be connected to your account on their site. For more information on how these businesses use personal data, please read their privacy policies.

d.     Business transfer recipients: Where we sell or buy any business or assets, (such as a merger/absorption), to the prospective seller or buyer of such business or assets, or where substantially all of our or any of our affiliates' assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets. Where appropriate, in such case, the buyer acting as the new data controller processes your data and its privacy statement governs the processing of your personal data.

e.     Legal or regulatory disclosures: Where we are obliged by law to disclose your personal data (e.g. to government or law enforcement bodies) or where disclosure is required to protect our rights or those of our staff, customers or other third parties.

Save as expressly detailed above, we will never share, sell or rent any of your personal data to any third party without notifying you and, where necessary, obtaining your consent. Further details about our third parties are available on request.

Essentials: If we need to share your personal data to affiliates or third-party organisations in different countries, we take legally required safeguards to ensure that the transfer is lawful.

Your personal data may be used, stored and/or accessed by staff working for us, other members of our group, trusted third parties or when required by law and/or government authorities operating outside your country of residence. 

Depending on the processing activity such as creating lookalike audiences or registering you for an event via Eventbrite Inc. your personal data may be transferred to for example the United States.

When we share your data internationally, we make sure only to do so with organisations that safeguard and protect your data and ensure that the cross-border data processing complies with applicable data protection laws and is protected by adequate safeguards such as:

a.    ensuring that there is an adequacy decision by the European Commission in the case of transfers out of the EEA or by the UK Secretary of State in the case of transfers out of the UK;

b.     having in place standard contractual clauses with the recipient which have been approved by the European Commission (or the UK Secretary of State for transfers out of the UK);

c.     any other safeguarding mechanism permitted by law.

Further details about our international data transfers are available on request.

Essentials: We take the security of your personal data seriously and make our best efforts to protect your personal data from misuse, interference, loss, unauthorized access, modification, or disclosure.  We also contractually require that trusted third parties who handle your personal data for us do the same.

We understand that the security of your personal data is important. We make our best efforts to protect your personal data from being accidentally lost or used or accessed unlawfully. We have implemented a number of security measures to help protect your personal data, and we require that trusted third parties who handle your personal data for us do the same. For example, we implement access controls, use firewalls and secure servers, and we encrypt personal data.

In the course of providing your personal data to us, your personal data may be transferred over the internet.  Although we make every effort to protect the personal data which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal data transmitted to our website and that any such transmission is at your own risk. Then, once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access to it.

Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. 

Essentials: We keep personal data until it is no longer needed to fulfil the purpose of processing, taking into account how long we might need to have it as well for evidence purposes or to manage complaints or queries.

We keep your personal data for no longer than necessary for the purposes for which the personal data is processed.  The length of time for which we retain personal data depends on the purposes for which we collect and use it, for the duration of your contractual relation with us and/or as required to comply with applicable laws and regulations as well as to establish, exercise or defend our legal rights.

For example, where you make a purchase online with us or register for a webinar, we will keep the personal data related to your purchase or registration, so we can perform the specific contract you have entered. After that, we will keep the personal data for a period which enables us to handle or respond to any complaints, queries or concerns relating to the purchase or registration.

Further details about retention periods are available on request.

Essentials: You have various rights in relation to your personal data, such as (depending on applicable laws) access to your personal data (including portability in some cases), the right to correct or delete some personal data, the right to limit our processing in certain cases (e.g. through objecting to direct marketing or through withdrawing consent) and the right to lodge a complaint with a data protection authority.

Where we process your personal data, you are entitled to a number of rights established in the relevant applicable laws and can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. You can exercise your rights by contacting us here.

We will consider all such requests and, in accordance with the applicable laws, will provide our response within a reasonable period, or within the period prescribed by law. Please note, however, that we may rely on certain exemptions to complying with your requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.  If an exemption applies, we will tell you this when responding to your request.

We may request you provide us with information necessary to confirm your identity before responding to any request you make. 

The right to be informed

You have the right to obtain clear, transparent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Privacy Statement.

The right to access your personal data and correction

You have the right to access the personal data we hold about you, as well as correct, update or complete it at any time.

The right to deletion of your personal data

You have right to request that we delete your personal data. However, this is not an absolute right, and we may have legitimate, legal and regulatory reasons to retain your personal data.

 The right to object

Under certain circumstances, you have the right to object to certain types of processing based on grounds relating to your particular situation when such processing is based on our or another's legitimate interest. If you exercise this right, we will stop using your personal data for this purpose and add you to a suppression list, unless we can demonstrate compelling legitimate grounds to continue processing your personal data that would outweigh your interests, rights and freedoms. You have the right to object to the processing of your personal data for direct marketing activities (for example, by clicking on the unsubscribe link in our emails or by contacting us directly via DPO.UKIE@danone.com). 

The right to withdraw consent

Where we rely on your consent to process personal data, you have the right to withdraw consent at any time, without affecting our processing of your personal data before you withdrew consent.

The right to restriction of processing

Under certain circumstances you have the right to restrict the processing of your personal data if:

a.    you do not believe the personal data we have about you is accurate; or

b.     you consider that the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or

c.     we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims; or

d.     you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data.

The right to data portability

Your personal data is portable. This means it can be moved, copied or transmitted electronically. However, this right only applies to personal data you have provided to us and where the processing: (i) is based on your consent or takes place for the performance of a contract; and (ii) it takes place by automated means.

The right to lodge a complaint with a supervisory authority

If you think that we have not met the data protection or privacy requirements, you have the right to make a complaint to the data protection authority in the country where you usually live or work, or where an alleged infringement of applicable data protection laws has taken place. 

If you want to bring a specific complaint against Danone for the way your personal data has been processed or if you are not able to resolve a problem directly with us, you can raise a complaint directly with the UK Information Commissioner’s Office https://ico.org.uk/for-the-public.

UK Information Commissioner’s Office

Mailing Address: Wycliffe House Water Lane, Wilmslow, Cheshire SK9 5AF; Phone Numbers: +44 303 123 1113; Email Address: casework@ico.org.uk

You can also contact our local Data Protection team directly at DPO.UKIE@danone.com.

If you have any questions, comments or complaints regarding this Privacy Statement or the processing of your personal data, or would like to exercise any of the rights set out at “your rights” section above, please contact us via our contact page, email us at DPO.UKIE@danone.com or write to us at Data Protection Office, Nutricia Limited, Newmarket House, Newmarket Avenue, White Horse Business Park, Trowbridge, Wiltshire, BA14 0XQ.

You can also contact our Group Data Protection Officer, Adrien MIGEON Data via email at DPO.UKIE@danone.com or write to them at Data Protection Office, Danone SA, 17 Boulevard Haussmann, 75009, Paris, France.

We may update our Privacy Statement from time to time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise).

Any changes we make to our Privacy Statement in the future will be posted on this page and will be applicable on the effective date of implementation.  Where we are legally required to do so, we will notify you of any changes. Please check back frequently to see any updates or changes to our Privacy Statement.  

This Privacy Statement was last updated on 11 November 2024.