Statement on Privacy
Introduction
Danone knows that you care how your personal data is used and we recognize the importance of protecting your privacy.
This Privacy Statement explains how Danone S.A. and all its subsidiaries (“Danone”) collect and manage your personal data. It contains information on what data we collect, how we use it, why we need it and how it can benefit you.
Contact us here if you have any queries and comments, or if you want to make a request regarding any of your data subject rights.
This privacy statement was last updated on May 20th 2018.
Basic principles and our privacy commitment
At Danone we are committed to protecting your right to privacy. We aim to protect any personal data we hold, to manage your personal data in a responsible way and to be transparent in our practices. Your trust is important to us. We have therefore committed ourselves to the following basic principles:
· You have no obligation to provide any personal data requested by us. However, if you choose not to, we may not be able to provide you with some services;
· We only collect and process your data for the purposes set out in this Privacy Statement or for specific purposes that we share with you and/or that you have consented to;
· We aim to collect, process and use as little personal data as possible;
· When we do collect your personal data, we aim to keep it as accurate and up to date as possible.
· If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
· Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement.
What personal data do we collect?
The personal data we collect varies depending upon the purpose of the collection and the service we are providing you.
Generally, we may collect the following types of personal data from you directly:
a) Browser history, such as pages accessed, date of access, location when accessed, and IP address;
b) Demographic information, such as your age and gender and lifestyle preferences. Lifestyle preferences may include your preference for some of the products we offer, and your interests related to those products;
c) Browser history, such as pages accessed, date of access, location when accessed, and IP address;
d) If ever you apply for employment with us, we will collect additional personal data, such as your employment history, educational history and employment references.
Why do we collect and use your personal data?
We collect your personal data so we can provide you with the best online experience and to provide you with a high quality of customer service. In particular we may collect, hold, use and disclose your personal data for the following purposes:
a) To develop and improve our services, communication methods and the functionality of our websites;
b) To understand and assess the interests, wants, and changing needs of customers, in order to improving our website, our current services, and/or developing new services;
We may also need your personal data to comply with legal obligations or in the context of a contractual relationship that we have with you.
When we collect and use your personal data for purposes mentioned above or for other purposes, we will inform you before or at the time of collection.
Where appropriate, we will ask for your consent to process the personal data. Where you have given consent for processing activities, you have the right to withdraw your consent at any time.
Your rights
Where we process your personal data, according to applicable legislation, you might be entitled to a number of rights and, when applicable can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. You can exercise your rights, when eligible to, via our contact page.
The right to access your personal data and correction
You have the right to access, correct or update your personal data at any time. We understand the importance of this and should you want to exercise your rights, please contact us via our contact page.
The right to data portability
Your personal data is portable. This means it can be moved, copied or transmitted electronically. However, this right only applies where:
a) The processing is based on your consent;
b) The processing takes place for the performance of a contract;
c) The processing takes place by automated means;
If you wish to exercise your right to data portability, please contact us via our contact page.
The right to deletion of your personal data
You have right to request that we delete your data if:
a) your personal data is no longer necessary in relation to the purposes for which we collected it; or
b) you withdraw the consent that you had previously given us to process your personal data, and there is no other legal ground to process that personal data; or
c) you object to us processing your personal data for direct marketing purposes; or
d) you object to us processing your personal data for Danone’s legitimate interests (such as improving overall user experience on websites);
e) the personal data is not being processed lawfully; or
f) your personal data needs to be deleted to comply with the law.
If you wish to delete the personal data we hold about you, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements.
If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
The right to restriction of processing
You have the right to restrict the processing of your personal data if
a) you do not believe the personal data we have about you is accurate; or
b) the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or
c) we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims; or
d) you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data.
If you wish to restrict our processing of your personal data, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements.
The right to object
You have the right to object to the processing of your personal data at any time. Please contact us via our contact page.
The right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint directly with supervisory authority about how we process personal data.
How we protect your personal data
We understand that the security of your personal data is important. We make our best efforts to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. We have implemented a number of security measures to help protect your personal data. For example, we implement access controls, use firewalls and secure servers, and we encrypt personal data.
Sharing of your personal data
When we share your personal data with affiliates and other organizations, we make sure we only do so with organizations that safeguard and protect your personal data and comply with applicable privacy laws in the same or similar way that we do.
Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement. We may, however, share your data when required by law and/or government authorities.
Sharing data internationally
Personal data may be processed outside the European Economic Area (EEA). When processed outside the EEA, Danone will make sure that this cross-border data processing is protected by adequate safeguards.
The safeguards that we use to protect cross-border data processing include:
a) Model Contractual Clauses approved by European Commission. These standardized contractual clauses provide sufficient safeguards to meet the adequacy and security requirements of the European General Data Protection Regulation; or
b) certifications which demonstrate that third parties outside of the EEA process personal data in a way that is consistent with the European General Data Protection Regulation. These certifications are approved either by the European Commission, a competent supervisory authority or a competent national accreditation body in terms of General Data Protection Regulation.
Cookies and other technologies
We may also collect personal data about you through the use of cookies and other technologies. This may occur when you visit our sites or third-party sites, view our online promotions, or use our/third-party mobile applications and may include the following information:
a) Information about your device browser and operating system;
b) The IP address of the device you are using;
c) Web pages of ours that you view;
d) Links that you click while interactive with our services.
Please see our cookie statement for more information on this.
How to contact us
If you have any questions, comments or complaints regarding this Privacy Statement or the processing of your personal data, please contact us via our contact page.