Last updated on August 2016
Nestlé S.A. and its group companies (Nestlé) is committed to safeguarding your privacy and ensuring that you continue to trust Nestlé with your personal data. When you interact with us, you may share personal information with us which allows identification of you as an individual (e.g. name, email address, address, telephone number). This is known as “personal data”.
This notice (Privacy Notice) sets out:
Scope and acceptance
Personal data collected by Nestlé
Children’s personal data
Why Nestlé collects personal data and how it uses it
Sharing of personal data by Nestlé
Data security and retention
How to contact us
1. Scope and acceptance of this Privacy Notice
This Privacy Notice applies to the personal data that we collect about you for the purposes of providing you with our products and services we offer.
By using Nestlé websites, mobile applications, text messaging programs or through Nestlé branded pages or applications on third party social networks (e.g. Facebook) (Nestlé Sites) or by giving us your personal data, you accept the practices described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not use Nestlé Sites or give us any personal data.
Nestlé reserves the right to make changes to this Privacy Notice at any time. We encourage you to regularly review this Privacy Notice to make sure you are aware of any changes and how your personal data may be used.
2. Data collected by Nestlé
Nestlé may collect personal data about you from a variety of sources, including through:
- Online and electronic interactions with us, including via Nestlé Sites;
- Offline interactions with us, including via direct marketing campaigns, hard copy registration cards, competition entries and contacts through Nestlé consumer services call centres; and
- Your interaction with online targeted content (such as advertisements) that Nestlé, or service providers on our behalf, provide to you via third party websites or applications.
2.1 Data that you provide to us directly
This is data that you provide to us with your consent for a specified purpose, including:
- Personal contact information, including any information allowing Nestlé to contact you in person (e.g. name, home or (e)mail address, and phone number);
- Demographic information, including date of birth, age, gender, location (e.g. zip code, city and state and geo-location), favourite products, hobbies, interests, and household or lifestyle information;
- Payment information, including to make purchases (e.g. credit card number, expiration date, billing address);
- Account login information, including any information that is required for you to establish a user account with Nestlé (e.g. login ID/email, user name, password and security question/answer);
- Consumer feedback, including information that you share with Nestlé about your experience in using Nestlé products and services (e.g. your comments and suggestions, testimonials and other feedback related to Nestlé products); and
- Consumer-generated content, including any content (e.g. photos, videos and personal stories) that you create and then share with Nestlé (and perhaps others) by uploading it to a Nestlé Site.
2.2 Data that we collect when you interact with Nestlé Sites
Our website may also use a website recording service which may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. The information collected does not include bank details or any sensitive personal data. Data collected by this service is used to improve our website usability. The information collected is stored and is used for aggregated and statistical reporting, and is not shared with anybody else.
2.3 Data collected from other sources
We may collect information about you from other legitimate sources for the purpose of providing you with our products and services. Such sources include third party data aggregators, Nestlé promotional partners, public sources and third party social networking sites. Such information may include:
- personal contact information; and
- any personal data that is part of your profile on a third party social network (e.g. Facebook) and that you allow that third party social network to share with us (e.g. name, email address, gender, birthday, city, profile picture, user ID, friend list). You can learn more about the data that we may obtain about you by visiting the website of the relevant third party social network.
We may also receive personal data about individuals when we acquire other companies.
3. Children’s personal data
Nestlé does not knowingly solicit or collect personal data from children below the age of 12. If Nestlé discovers that it has accidentally collected personal data from a child below 12, it will remove that child’s personal data from its records as soon as reasonably possible. However, Nestlé may collect personal data about children below the age of 12 years of age from the parent or custodian directly and therefore with their explicit consent.
4. Why Nestlé collects personal data and how it uses it
Nestlé collects and uses personal data only as necessary for the purposes for which it was obtained. Nestlé may use your personal data for some or all of the following purposes:
- Orders - to process and ship your orders and to inform you about the status of your orders. Please note that there are many e-commerce websites that sell Nestlé products but that are not controlled or operated by Nestlé. We recommend that you read their policies, including on privacy, before making any purchases on those websites.
- Account maintenance - to create and maintain your accounts with us, including administering any consumer loyalty or rewards programs that are associated with your account.
- Consumer service - to provide you with consumer service, including responses to your inquiries, complaints and general feedback about our products. Consumer service may be provided through various forms of communication, including via email, letter, telephone and online chat features.
- Consumer engagement - to get you more actively engaged with our products and services. This may involve the use or publication of consumer-generated content.
- Personalisation - Nestlé may combine personal data about you collected from one source (e.g. a website) with data collected from another source (e.g. an offline event). This provides Nestlé with a more complete view of you as a consumer, which, in turn, allows Nestlé to serve you better and with greater personalisation, including in respect of the following:
- Websites - to improve and personalise your experience on websites, using data such as account login information, technical computer information, and/or previous website usage information;
- Products - to improve Nestlé’s products, tailor them to your needs and come up with new product ideas. This includes the use of demographic information, consumer profiling information and consumer feedback; and
- Interest-based advertising - to serve you advertisements tailored to your interests. One way Nestlé does this is to match activities or information collected on Nestlé Sites with data collected about you on third party sites (i.e. data-matching). This type of advertising is also known as “online behavioural advertising” or “targeted advertising”. Such personalisation is typically performed via cookies or similar technologies.
- Marketing communications - to provide you with marketing communications where you have opted-in to receiving such communications (including information about Nestlé, its products and services, competitions and promotions). These can be shared via electronic means (e.g. SMS, emails and online advertising) and via post. If you opt-in to receiving SMS, your mobile service provider’s policy for receiving SMS will apply, which may be at a fee.
- Social features – to offer you a number of social features, including the following:
- Website community features on a Nestlé Site - When you visit a Nestlé Site with a community feature and upload or share recipes, pictures, videos, artwork or other content, Nestlé may use and display the personal data that you share on such sites.
- Website viral features - Nestlé may use your personal data to offer you website viral features, such as a tell-a-friend program, where you can share certain news, product information, promotions or other content with family and friends. This typically requires the collection and use of personal contact information (e.g. names and emails) so that the selected one-time message/content can be delivered to their recipients.
- Third party social networking - Nestlé may use your personal data from when you interact with third party social networking features such as “Facebook Connect” or “Facebook Like”. These features may be integrated on Nestlé Sites including for purposes such as running contests and allowing you to share content with friends. If you use these features, Nestlé may have the ability to obtain certain personal data about you from your social networking information. You can learn more about how these features work, and the profile data Nestlé may obtain about you, by visiting the website of the relevant third party social network.
- Other specific purposes - We may use your personal data for other specific business purposes, including to maintain the day-to-day operation and security of Nestlé Sites, to conduct demographic studies or audits, and to contact you for consumer research.
- Media relations - When you submit a media enquiry, the personal details that you provide, and the subject matter of your query, will be collected and stored by Nestlé Corporate Communications in its database, which is accessible worldwide by Nestlé’s Corporate Communication teams.
Your personal details may be used to send you news and information about Nestlé and invitations to events relevant to your interests and will be retained and kept secure by Nestlé as set out in this privacy notice. If you do not agree, please let us know by sending an email to firstname.lastname@example.org. If you consent, you may revoke it at any time by sending an email to email@example.com.
5. Sharing of personal data by Nestlé
Nestlé does not share your personal data with any third party that intends to use it for direct marketing purposes, unless you have provided specific consent in relation to this.
Nestlé may share your personal data with third parties for other purposes, but only in the following circumstances:
Nestlé may provide your personal data to its affiliates or related companies for legitimate business purposes.
5.2 Service providers
Nestlé may engage service providers, agents or contractors to provide services on its behalf, including to administer Nestlé Sites and services available to you. These third parties may come to access or otherwise process your personal data in the course of providing these services.
Nestlé requires such third parties, who may be based outside the country from which you have accessed the Nestlé Site or service, to comply with all relevant data protection laws and security requirements in relation to your personal data, usually by way of a written agreement.
5.3 Partners and joint promotions
Nestlé may run a joint or co-sponsored program or promotion with another company and, as part of your involvement in the activity, collect and use your personal data.
Your personal data will only be shared with another company if you have opted in to receive information directly from that company. Nestlé encourages you to read the privacy notice of any such company before sharing personal data. If you do not want your personal data to be collected by or shared with a company other than Nestlé, you can always choose not to participate in such activity. If you do opt-in to communications from such a company, remember that you always have the right to opt-out and you would need to contact that company directly to do so.
5.4 Legal requirements and business transfer
Nestlé may disclose your personal data if it is required to do so by law or if, in Nestlé’s good faith judgment, such legal disclosure is reasonably necessary to comply with legal processes or respond to any claims.
In the event of a full or partial merger with, or acquisition of all or part of Nestlé by another company, the acquirer would have access to the information maintained by that Nestlé business, which could include personal data.
6. Your rights
6.1 Right to opt-out of marketing communications
You have the right to opt-out of receiving marketing communications about Nestlé and can do so by:
(a) following the instructions for opt-out in the relevant marketing communication;
(b) if you have an account with Nestlé, you may have the option to change your opt-in/opt-out preferences under the relevant edit-account section of the account; or
(c) contacting us.
Please note that even if you opt-out from receiving marketing communications, you may still receive administrative communications from Nestlé, such as order confirmations and notifications about your account activities (e.g. account confirmations and password changes).
6.2 Access and rectification
You have a right to request access to your personal data. You may send us a request for access.
You also have the right to request that Nestlé correct any inaccuracies in your personal data. If you have an account with Nestlé for a Nestlé Site, this can usually be done through the appropriate "your account" or "your profile" section(s) on the Nestlé Site (if available). Otherwise, you can send us a request to rectify your data.
7. Data security and retention
7.1 Data security
In order to keep your personal data secure, Nestlé has implemented a number of security measures, including:
- Secure operating environments - Nestlé stores your data in secure operating environments and only accessible to Nestlé employees, agents and contractors on a need-to-know basis. Nestlé also follows generally accepted industry standards in this respect.
- Encryption for payment information - Nestlé uses industry-standard encryption to provide protection for sensitive financial information, such as credit card information sent over the Internet (e.g. when you make payments through Nestlé’s online stores).
- Prior authentication for account access - Nestlé requires its registered consumers to verify their identity (e.g. login ID and password) before they can access or make changes to their account. This is aimed to prevent unauthorized accesses.
Please note that these protections do not apply to personal data you choose to share in public areas such as on community websites.
Nestlé will only retain your personal data for as long as it is necessary for the stated purpose, taking into account also our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements under applicable laws.
This means that we may retain your personal data for a reasonable period after your last interaction with us. When the personal data that we collect is no longer required in this way, we destroy or delete it in a secure manner.
8. Contact us
Nestlé acts as “data controller” for the personal data it processes in the framework of this Privacy Notice. If you have any questions or comments regarding this Privacy Notice or Nestlé’s personal data collection practices, please contact us online, or in writing to Nestlé S.A., Data Privacy Officer, 1800 Vevey, Switzerland.
Copyright © August 2015 Nestlé S.A.