Last updated July 2016
Nestlé S.A. and its group companies (Nestlé) is committed to safeguarding your privacy and ensuring that you continue to trust Nestlé with your personal data. When you interact with us, you may share personal information with us which allows identification of you as an individual (e.g. name, email address, address, telephone number). This is known as “personal data”.
This notice (Privacy Notice) sets out:
- Scope and acceptance
- Personal data collected by Nestlé
- Why Nestlé collects personal data and how it uses it
- Sharing of personal data by Nestlé
- Your rights
- Data security and retention
- How to contact us
1. Scope and acceptance of this Privacy Notice
This Privacy Notice applies to the personal data that we collect about you for the purposes of providing you with our products and services, including making available to you the use of the HENRi Platform.
By using this Nestlé website and other assets such as mobile applications, text messaging programs or through Nestlé branded pages or applications on third party social networks (e.g. Facebook) (Nestlé Site) or by giving us your personal data, you accept the practices described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not use the Nestlé Site or give us any personal data.
Nestlé reserves the right to make changes to this Privacy Notice at any time. We encourage you to regularly review this Privacy Notice to make sure you are aware of any changes and how your personal data may be used.
2. Data collected by Nestlé
Nestlé may collect personal data about you from a variety of sources, including through:
- Online and electronic interactions with us, including via Nestlé Sites;
- Offline interactions with us, including via direct marketing campaigns, hard copy registration cards, competition entries, contacts through Nestlé consumer services call centres or through innovation and marketing events; and
- Your interaction with online targeted content (such as advertisements) that Nestlé, or service providers on our behalf, provide to you via third party websites or applications.
2.1 Data that you provide to us directly
This is data that you provide to us with your consent for a specified purpose, including:
- Personal contact information, including any information allowing Nestlé to contact you in person (e.g. name, home address, company affiliation and location, (e)mail address, and/or phone number);
- Demographic information, including date of birth, age, gender, location (e.g. zip code, city and state and geo-location), interests;
- Payment information, including to make purchases (e.g. credit card number, expiration date, billing address);
- Account login information, including any information that is required for you to establish a user account with Nestlé (e.g. login ID/email, user name, company name, password and security question/answer);
- User feedback, including information that you share with Nestlé about your experience in using Nestlé products and services (e.g. your comments, testimonials and other feedback related to Nestlé); and
- User-generated content, including any content (e.g. photos, videos and personal stories) that you create and then share with Nestlé (and perhaps others) by uploading it to a Nestlé Site.
2.2 Data that we collect when you interact with Nestlé Sites
2.3 Data collected from other sources
We may collect information about you from other legitimate sources for the purpose of providing you with our products and services. Such sources include third party data aggregators, Nestlé promotional partners, public sources and third party social networking sites. Such information may include:
- personal contact information; and
- any personal data that is part of your profile on a third party social network (e.g. Facebook) and that you allow that third party social network to share with us (e.g. name, email address, gender, birthday, city, profile picture, user ID, friend list). You can learn more about the data that we may obtain about you by visiting the website of the relevant third party social network.
We may also receive personal data about individuals when we acquire other companies.
3. Why Nestlé collects personal data and how it uses it
Nestlé collects and uses personal data only as necessary for the purposes for which it was obtained. Nestlé may use your personal data for some or all of the following purposes:
- Account maintenance - to create and maintain your accounts with us, including administering any programs or submission process that are associated with your account or managing your relationship with Nestlé on the HENRi Platform.
- Consumer service - to provide you with dedicated service team (such as consumer services), including responses to your inquiries, complaints and general feedback about our products, services or platforms. These services may be provided through various forms of communication, including via email, letter, telephone and online chat features.
- Consumer engagement - to get you more actively engaged with our products, services or platforms. This may involve the use or publication of user-generated content.
- Personalisation - Nestlé may combine personal data about you collected from one source (e.g. a website) with data collected from another source (e.g. an offline event). This provides Nestlé with a more complete view of you as a consumer or a company, which, in turn, allows Nestlé to serve you better and with greater personalisation, including in respect of the following:
- Websites - to improve and personalise your experience on websites, using data such as account login information, technical computer information, and/or previous website usage information;
- Products - to improve Nestlé’s products, tailor them to your needs and come up with new product ideas. This includes the use of demographic information, profiling information and feedback; and
- Interest-based advertising - to serve you advertisements or newsletters tailored to your interests. One way Nestlé does this is to match activities or information collected on Nestlé Sites with data collected about you on third party sites (i.e. data-matching). This type of advertising is also known as “online behavioural advertising” or “targeted advertising”. Such personalisation is typically performed via cookies or similar technologies.
- Collaboration programs: to keep you up-to-date with news, current programs and other innovation related activities run by Nestlé, for example on the HENRi Platform.
- Marketing communications - to provide you with marketing communications where you have opted-in to receiving such communications (including information about Nestlé, its products, services, and other programs, such as innovation submissions, competitions or promotions). These can be shared via electronic means (e.g. SMS, emails and online advertising) and via post.
If you opt-in to receiving SMS, your mobile service provider’s policy for receiving SMS will apply, which may be at a fee.
- Social features – to offer you a number of social features, including the following:
- Website community features on a Nestlé Site - When you visit a Nestlé Site with a community feature and upload or share recipes, pictures, videos, artwork or other content, Nestlé may use and display the personal data that you share on such sites.
- Website viral features - Nestlé may use your personal data to offer you website viral features, such as a tell-a-friend program, where you can share certain news, product information, promotions or other content with family and friends. This typically requires the collection and use of personal contact information (e.g. names and emails) so that the selected one-time message/content can be delivered to their recipients.
- Third party social networking - Nestlé may use your personal data from when you interact with third party social networking features such as “Facebook Connect” or “Facebook Like”. These features may be integrated on Nestlé Sites including for purposes such as running contests and allowing you to share content with friends. If you use these features, Nestlé may have the ability to obtain certain personal data about you from your social networking information. You can learn more about how these features work, and the profile data Nestlé may obtain about you, by visiting the website of the relevant third party social network.
- Other specific purposes - We may use your personal data for other specific business purposes, including to maintain the day-to-day operation and security of Nestlé Sites, to conduct demographic studies or audits, and to contact you for consumer research.
4. Sharing of personal data by Nestlé
Nestlé does not share your personal data with any third party that intends to use it for direct marketing purposes, unless you have provided specific consent in relation to this.
Nestlé may share your personal data with third parties for other purposes, but only in the following circumstances:
Nestlé may provide your personal data to its affiliates or related companies for legitimate business purposes.
4.2 Service providers
Nestlé may engage service providers, agents or contractors to provide services on its behalf, including to administer Nestlé Sites and services available to you. These third parties may come to access or otherwise process your personal data in the course of providing these services.
Nestlé requires such third parties, who may be based outside the country from which you have accessed the Nestlé Site or service, to comply with all relevant data protection laws and security requirements in relation to your personal data, usually by way of a written agreement.
4.3 Partners and joint promotions
Nestlé may run a joint or co-sponsored program or promotion with another company and, as part of your involvement in the activity, collect and use your personal data.
Your personal data will only be shared with another company if you have opted in to receive information directly from that company. Nestlé encourages you to read the privacy notice of any such company before sharing personal data. If you do not want your personal data to be collected by or shared with a company other than Nestlé, you can always choose not to participate in such activity. If you do opt-in to communications from such a company, remember that you always have the right to opt-out and you would need to contact that company directly to do so.
4.4 Legal requirements and business transfer
Nestlé may disclose your personal data if it is required to do so by law or if, in Nestlé’s good faith judgment, such legal disclosure is reasonably necessary to comply with legal processes or respond to any claims.
In the event of a full or partial merger with, or acquisition of all or part of Nestlé by another company, the acquirer would have access to the information maintained by that Nestlé business, which could include personal data.
5. Your rights
5.1 Right to opt-out of marketing communications
You have the right to opt-out of receiving marketing communications about Nestlé or any related programs and can do so by:
(a) following the instructions for opt-out in the relevant marketing communication;
(b) if you have an account with Nestlé, you may have the option to change your opt-in/opt-out preferences under the relevant edit-account section of the account; or
(c) contacting us.
Please note that even if you opt-out from receiving marketing communications, you may still receive administrative communications from Nestlé, such as order confirmations and notifications about your account activities (e.g. account confirmations and password changes).
5.2 Access and rectification
You have a right to request access to your personal data. You may send us a request for access.
You also have the right to request that Nestlé correct any inaccuracies in your personal data. If you have an account with Nestlé for a Nestlé Site, this can usually be done through the appropriate "your account" or "your profile" section(s) on the Nestlé Site (if available). Otherwise, you can send us a request to rectify your data.
6. Data security and retention
6.1 Data security
In order to keep your personal data secure, Nestlé has implemented a number of security measures, including:
- Secure operating environments - Nestlé stores your data in secure operating environments and only accessible to Nestlé employees, agents and contractors on a need-to-know basis. Nestlé also follows generally accepted industry standards in this respect.
- Encryption for payment information - Nestlé uses industry-standard encryption to provide protection for sensitive financial information, such as credit card information sent over the Internet (e.g. when you make payments through Nestlé’s online stores).
- Prior authentication for account access - Nestlé requires its registered consumers to verify their identity (e.g. login ID and password) before they can access or make changes to their account. This is aimed to prevent unauthorized accesses.
Please note that these protections do not apply to personal data you choose to share in public areas such as on community websites.
Nestlé will only retain your personal data for as long as it is necessary for the stated purpose, taking into account also our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements under applicable laws.
This means that we may retain your personal data for a reasonable period after your last interaction with us. When the personal data that we collect is no longer required in this way, we destroy or delete it in a secure manner.
7. Contact us
Nestlé acts as “data controller” for the personal data it processes in the framework of this Privacy Notice. If you have any questions or comments regarding this Privacy Notice or Nestlé’s personal data collection practices, please contact us at [email protected], or in writing to Nestlé S.A., Data Privacy Officer, 1800 Vevey, Switzerland.
To view our Cookie Notice, please click here.