Privacy Statement
Inleiding
- You have no obligation to provide any personal data requested by us. However, if you choose not to provide any personal data requested by us, we may not be able to provide you with some services or products.
- We only collect and process your data for the purposes set out in this Privacy Statement or for specific purposes that we share with you and/or that you have consented to.
- We aim to collect, process and use as little personal data as possible.
- When we do collect your personal data, we aim to keep it as accurate and up to date as possible.
- If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
What this Privacy Statement contains
This Privacy Statement describes the following important topics relating to your personal data (you can click on the links to find out more). Each topic also comes with a handy summary (“Essentials”), which is intended as a guide to help you easily find information the most relevant to you.
- Who are we?
- What personal data do we collect and how?
- visitors to our websites and users of our apps and services;
- people who contact us with enquiries (e.g. via our consumer contact centres);
- attendees or prospective attendees at Danone-related events;
- people we interact with during the course of business who do not fall within any of the above categories (other than suppliers); or
- people whose personal data we collect indirectly.
- The purpose and legal basis for collecting and using personal data
- Profiling and automated decision-making
- Links to other websites
- Social media and other User Generated Content
- Children’s personal data
- Sharing personal data with third parties
- Sharing personal data internationally
- How we protect your personal data
- How long we store your personal data
- Your rights
- How to contact us
- Changes to our Privacy Statement.
1. Who are we?
Essentials: Danone Nutricia Nederland B.V. is in charge of the processing of your personal data here.
Danone Nutricia Nederland B.V. is responsible for the personal data that you share with us. When we say “Danone”, “us”, “our” or “we”, we are referring to Danone Nutricia Nederland B.V. In accordance with regulations applicable to the processing of personal data, Danone is the “data controller”.
Danone Nutricia Nederland B.V.
Lange Kleiweg 6, 4e verdieping
2288 GK, Rijswijk
If you want to know more about DANONE and its products, please visit www.danone.nl
- U te voorzien van de informatie, producten en diensten die u van ons vraagt;
- Onze website en dienstverlening te verbeteren;
- U op de hoogte te houden van onze diensten en promoties, indien u hiervoor toestemming heeft gegeven;
- Te voldoen aan wettelijke en regelgevende verplichtingen.
2. What personal data do we collect and how?
Essentials: The personal data we collect come directly from you, from partners or affiliates and from cookies and similar technologies. We usually only collect and use basic information such as your contact details (name, email address etc.), communications with us (by phone, chat etc.), information regarding your interaction with our marketing initiatives, websites and products and your interests and preferences.
The personal data we collect varies depending on our relationship with you, the purpose of the collection and the product or service we are providing to you. Please see the section(s) below that best describes our relationship with you for further details of the personal data that we collect.
We may collect your personal data directly from you.
You may give us personal data about yourself by visiting our websites or applications, creating an account with us, ordering products or services from us, registering to receive our newsletters or communications (including marketing messages) by any means (e.g. SMS, phone instant messaging, etc.), entering or participating in a survey, research activity, game, contest or competition run by us, submitting an enquiry or request to us, contacting us by phone, email or other means, filling in our forms (both online and offline), registering for an event, congress or seminar (online or offline) or by posting or commenting on our social media pages (such as Facebook or Instagram) or engaging with our other digital media communications.
Some of this data is collected via cookies and similar tracking technologies – see our Cookie Statement for further details on this.
We may also receive personal data about you from third parties such as: our business partners, including marketing agencies, market research companies, companies that co-sponsor our promotions, retailers; and other third parties such as media providers/owners, public and third party websites, social media platforms, advertising platforms, our suppliers or our group companies (referred to in this Privacy Statement as “third parties” or “suppliers”).
Visitors to our websites and users of our apps and services
We, or third parties on our behalf, may collect and use information about you such as the following:
- personal contact data, such as your name, email address, physical address and telephone number(s);
- communication data between you and us, which may include details of our conversations via chat and contact forms available on our websites and/or apps;
- where you submit content to our websites and/or apps (such as a personal testimonial or review);
- your entry into a survey, game, contest, promotion or competition (including the entry itself, which may be a photo, comment or answer to a question);
- any information you provide to us when signing-up for, or as a member of, any clubs, communities or schemes offered by us;
- information about people other than you, such as personal data about your family members, when you provide such information directly to us;
- where we are able to collect this, information about how you engage with our messages and communications (e.g. emails, SMS, instant messages) including whether they are delivered to you, whether you open them, links you click in them and whether you unsubscribe to them;
- any updates to data provided to us; and
We, or third parties on our behalf, may collect and use some information about you such as the following:
- the personal data in relation to visitors to our websites and users of our apps and services as set out in the section above;
- order information and shipping data, such as your name, email address, postal address and telephone numbers;
- information about what products you have purchased from us and products you have added to your basket;
- your email subscription preferences;
- where we are able to collect this, information about how you engage with our emails, including whether they are delivered to you, whether you open them, links you click in them and whether you unsubscribe to them;
- interests, such as your preferred products. We may also infer certain preferences and interests about you based on your browsing habits, your purchase history, your feedback and responses to surveys or market research, and your demographic information.
People who contact us with enquiries
We, or third parties on our behalf, may collect and use some information about you such as the following:
- your name;
- your postal address;
- your email address;
- your telephone number;
- information provided when you correspond with us (such as via our care lines and/or customer service lines or social media) which might include call recordings if you call us directly – to the extent this includes information about your health, please see the “Special categories of data” section below;
- and any updates to information provided to us.
Attendees or prospective attendees at Danone-related events (online and offline)
We, or third parties on our behalf, may collect and use some information about you when attending events (including trainings and e-learnings), including the following:
- personal contact data, such as your name, email address, physical address and telephone number(s);
- your employment details (where you are attending on behalf of your employer);
- any dietary information you provide to us (when applicable).
People whose personal data we collect from other sources
We may also collect personal data about you from other sources when:
- you search for our products and services and when you share content on social media pages, websites or applications related to our products or in response to our promotional material on social media;
- we collect your personal data from other public sources (e.g. comments on other websites than ours) that mention Danone or ones of its brands. We may also collect publicly available data about you in your capacity as a public figure for business objective purposes;
- your insights data is provided to us by third parties (i.e. media providers, marketing technology or advertising technology solutions), such as your demographic data (e.g. age, parental status), your location, your interests and your purchase intent. Some of this data may have been collected from the use of cookies and other similar tracking technologies.
3. The purpose and legal basis for collecting and using personal data
Essentials: Your personal data is collected and used for purposes such as performing our agreement with you (e.g. processing orders and payments), responding to your enquiries, personalising your experience with our services and marketing our products and services (e.g. building customer profiles, evaluating marketing campaign effectiveness), improving our products, services and processes, and complying with legal obligations or defending our rights. The reason we process your personal data depends on the precise purpose, but can be based on the agreement with you, based on Danone’s legitimate interests (see detail in the explanation) or based on Danone’s own legal obligations.
We consider that the legal bases for using your personal data as set out in this Privacy Statement are as follows:
- Contractual necessity: our use of your personal data is necessary to perform our obligations under any contract with you or to take steps prior to entering a contract with you.
- Compliance with legal obligations: our use of your personal data is necessary for complying with our legal obligations.
- Legitimate Interests: our use of your personal data is necessary for our legitimate interests or the legitimate interests of others. Our legitimate interests might include the following:
-
- operating and ensuring the security of our websites and apps;
- ensuring a safe working environment for our staff and visitors;
- placing, tracking and ensuring fulfilment of orders with our suppliers;
- for internal group administrative purposes; and
Whenever we collect and use your personal data on the legal basis of legitimate interests, we take care it does not outweigh your rights as an individual.
- Consent: We may process your personal data on the basis of your consent. Where you have given consent, but you later change your mind, you may withdraw your consent by contacting us and we will stop processing your personal data in this way. However, if you withdraw your consent, this may impact our ability to provide our products and associated services to you.
4. Profiling and automated decision making
Essentials: We may use your information to create profiles to personalize our services and communications for you, and to show you relevant ads, sometimes using automated means. When doing so, we ensure to comply within the frame of applicable legal requirements.
We may analyze information about you in order to create profiles (e.g. by compiling individuals into groups that we believe to have certain common characteristics). We use these profiles to personalize our websites, apps, services or products, as well as our communications to you (e.g. by sending/displaying content that may be relevant and useful to you, subject to applicable data protection and e-privacy laws). We may also use these insights to display relevant advertising to you either on our websites or apps, or via third-party websites.
For some services and products, we may process your personal data using automated means. Essentially this means that decisions are taken automatically without human intervention. We will not make decisions based solely on automated decision making to the extent that they have a legal effect or significant impact on you without first notifying you and providing you with clear information about any such automated decision-making, including our lawful basis for carrying it out and the ability to have a human intervention for reviewing the decision.
5. Links to other websites
Essentials: Our websites and apps may include links to third-party sites, plug-ins, or apps for your convenience. We do not control or endorse these third-party sites and recommend that you review the privacy policies of third-party websites before sharing your personal data.
Our websites and apps may contain hyperlinks to third party websites, plug-ins or applications that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators.
This Privacy Statement only applies to the personal data that we collect or which we receive from third party sources and over which we act as a data controller, and we cannot be held responsible for personal data about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal data to these websites.
We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.
6. Social Media and other User Generated Content
Essentials: When you post content on our websites or social media pages, it can be seen and shared by the public. Be cautious when sharing your personal data online.
Some of our websites and apps allow users to submit their own content. Please remember that any content submitted on our product/brand page(s) on social media platforms can be viewed by the public and reposted, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our product/brand page(s) on social media platforms. We reserve the right to delete user generated content that doesn’t comply with the relevant terms & conditions.
7. Children’s Personal Data
Essentials: We take care not to process the personal data of children without specific safeguards, such as parental or legal guardian consent where required.
Most of our websites are designed and intended for use by adults. Where one of our websites is intended for use by a younger audience, we understand the importance of taking extra precautions to protect the privacy and safety of children.
If our websites are ever intended for young audiences, we will in all cases respect our external commitments on responsible marketing, and we will ensure that before we collect personal data, consent is validly obtained from the parent(s) or legal guardian(s) to the extent that this is required by applicable laws and regulations (the age at which this is necessary varies from country to country).
If we discover that we have collected personal data from a child without consent from a parent or legal guardian where such consent should have been obtained, we will delete that personal data as soon as practical.
8. Sharing Personal Data with Third Parties
Essentials: Subject to adequate safeguards, your personal data may be shared, depending on the purposes of processing, with affiliates, third-party service providers and subcontractors, advertising partners and social media platforms (e.g. when you click on a “Like” or “Share” button), business transfer recipients (e.g. in the event of an acquisition) and legal disclosure recipients (such as authorities, but only where they are legally entitled to demand access).
When we share your personal data with affiliates and other organizations, we make sure we only do so with organizations that safeguard and protect your personal data and comply with applicable privacy laws in the same or similar way that we do.
We may, however, share or disclose your personal data as described in this Privacy Statement. Your personal data will be shared with the following third parties for the purposes described:
- Other Danone companies/entities: Where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of products to our customers, corporate strategy, merger and acquisition operations, compliance, auditing and monitoring, research and development and quality assurance).
- Third party service providers and subcontractors: Including those which:
- assist us to carry out your requests, respond to your inquiries, fulfil your orders, honor coupons, provide you with samples, enable you to participate in sweepstakes, such as logistics providers, sponsors and customer support providers;
- perform core information technology and other business-related services, such as website/app development providers, cloud hosting providers, management and evaluation service providers, data analysts, payment processors, utility providers, insurers;
- assist in the organization of our events, marketing, advertising and promotional activities; or
- provide analytics and optimization services relating to our websites and apps.
- Social media platforms: When our web pages use social plug-ins from these businesses (such as the “Like” and “Share” buttons). These other businesses may receive and use personal data about your visit to our sites or apps. If you browse our website or view content on our apps, personal data they collect may be connected to your account on their site. For more information on how these businesses use personal data, please read their privacy policies.
- Business transfer recipients: Where we sell or buy any business or assets, (such as a merger/absorption), to the prospective seller or buyer of such business or assets, or where substantially all of our or any of our affiliates’ assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets. Where appropriate, in such case, the buyer acting as the new data controller processes your data and its privacy statement governs the processing of your personal data.
- Legal disclosure recipients: Where we are obliged by law to disclose your personal data (e.g. to government or law enforcement bodies) or where disclosure is required to protect our rights or those of our staff, customers or other third parties.
Save as expressly detailed above, we will never share, sell or rent any of your personal data to any third party without notifying you and, where necessary, obtaining your consent.
9. Sharing Personal Data Internationally
Essentials: If we need to share your personal data to affiliates or third-party organisations in different countries, we take legally required safeguards to ensure that the transfer is lawful.
Your data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement. Your personal data may be used, stored and/or accessed by staff working for us, other members of our group, trusted third parties or when required by law and/or government authorities operating outside your country of residence.
When we share your data internationally, we make sure only to do so with entities that safeguard and protect your data and make sure that the cross-border data processing complies with applicable data protection laws and is protected by adequate safeguards.
10. How We Protect Your Personal Data
Essentials: We take the security of your personal data seriously and make our best efforts to protect your personal data from misuse, interference, loss, unauthorized access, modification, or disclosure. We also contractually require that trusted third parties who handle your personal data for us do the same.
We understand that the security of your personal data is important. We make our best efforts to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. We have implemented a number of security measures to help protect your personal data, and we require that trusted third parties who handle your personal data for us do the same. For example, we implement access controls, use firewalls and secure servers, and we encrypt personal data.
In the course of provision of your personal data to us, your personal data may be transferred over the internet. Although we make every effort to protect the personal data which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal data transmitted to our website and that any such transmission is at your own risk. Then, once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access to it.
Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential.
11. How long we store your personal data
Essentials: We keep personal data until it is no longer needed to fulfil the purpose of processing, taking into account how long we might need to have it as well for evidence purposes or to manage complaints or queries.
We keep your personal data for no longer than necessary for the purposes for which the personal data is processed. The length of time for which we retain personal data depends on the purposes for which we collect and use it, for the duration of your contractual relation with us and/or as required to comply with applicable laws and regulations as well as to establish, exercise or defend our legal rights.
For example, where you make a purchase online with us or register for a webinar, we will keep the personal data related to your purchase or registration, so we can perform the specific contract you have entered. After that, we will keep the personal data for a period which enables us to handle or respond to any complaints, queries or concerns relating to the purchase or registration.
12. Your rights
Essentials: You have various rights in relation to your personal data, such as (depending on applicable laws) access to your personal data (including portability in some cases), the right to correct or delete some personal data, the right to limit our processing in certain cases (e.g. through objecting to direct marketing or through withdrawing consent) and the right to lodge a complaint with a data protection authority.
Where we process your personal data, you are entitled to a number of rights established in the relevant applicable laws and can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. You can exercise your rights by contacting us here via dpo.benelux@danone.com
We will consider all such requests and, in accordance with the applicable laws, will provide our response within a reasonable period, or within the period prescribed by law. Please note, however, that we may rely on certain exemptions to complying with your requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims. If an exemption applies, we will tell you this when responding to your request.
We may request you provide us with information necessary to confirm your identity before responding to any request you make.
The right to be informed
You have the right to obtain clear, transparent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Privacy Statement.
The right to access your personal data and correction
You have the right to access the personal data we hold about you, as well as correct, update or complete it at any time.
The right to deletion of your personal data
You have right to request that we delete your personal data. However, this is not an absolute right and we may have legitimate, legal and regulatory reasons to retain your personal data.
The right to object
Under certain circumstances, you have the right to object to certain types of processing based on grounds relating to your particular situation when such processing is based on our or another’s legitimate interest. If you exercise this right, we will stop using your personal data for this purpose, unless we can demonstrate compelling legitimate grounds to continue processing your personal data that would outweigh your interests, rights and freedoms. You have the right to object to the processing of your personal data for direct marketing activities (for example, by clicking on the unsubscribe link in our emails).
The right to withdraw consent
Where we rely on your consent to process personal data, you have the right to withdraw consent at any time, without affecting our processing of your personal data before you withdrew consent.
The right to restriction of processing
Under certain circumstances you have the right to restrict the processing of your personal data if:
- you do not believe the personal data we have about you is accurate; or
- you consider that the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or
- we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims; or
- you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data.
The right to data portability
Your personal data is portable. This means it can be moved, copied or transmitted electronically. However, this right only applies to personal data you have provided to us and where the processing: (i) is based on your consent or takes place for the performance of a contract; and (ii) it takes place by automated means.
The right to lodge a complaint with a supervisory authority
If you think that we have not met the data protection or privacy requirements, you have the right to make a complaint to the data protection authority in the country where you usually live or work, or where an alleged infringement of applicable data protection laws has taken place.
If you want to bring a specific complaint against Danone Nutricia Nederland B.V. for the way your personal data has been processed you can raise a complaint with the Autoriteit Persoonsgegevens.
13. How to contact us
If you have any questions, comments or complaints regarding this Privacy Statement or the processing of your personal data, please contact us via dpo.benelux@danone.com
14. Changes to our Privacy Statement
We may update our Privacy Statement from time to time (for example, to comply with changes in laws or regulations, our practices, procedures and organizational structures, requirements imposed or recommended by supervisory authorities or otherwise). Any changes we make to our Privacy Statement in the future will be posted on this page and will be applicable on the effective date of implementation. Where we are legally required to do so, we will notify you of any changes. Please check back frequently to see any updates or changes to our Privacy Statement.
This Privacy Statement was last updated on November 18, 2024.