Privacy Policy

NESTLE OPTIJOURNEY™ PRIVACY NOTICE

Effective: MAY 2019


Thank you for visiting. We hope you enjoy learning more about Nestlé Health Science and our products.

Please read this privacy notice (“Notice”) carefully to understand our policies and practices regarding your Personal Data and how we will treat it. This Notice applies to individuals who interact with Nestlé services as consumers (“you”). This Notice explains how your Personal Data are collected, used, and disclosed by Nestlé UK (“Nestlé”, “We”, Us”), which is the Data Controller for the purposes of this Notice. It also tells you how you can access and update your Personal Data and make certain choices about how your Personal Data are used.

This Notice covers both our online and offline data collection activities, including Personal Data that We collect through our various channels such as websites, apps, third party social networks, Consumer Engagement Service, points of sale, and events, as part of the OptiJourneytm programme. Please note that We might aggregate personal data from different sources (website, offline event), as described below.

If you do not provide necessary Personal Data to us (We will indicate to you when this is the case, for example, by making this information clear in our registration forms), We may not be able to provide you with our goods and/or services. This Notice can change from time to time (see Section 11).


This Notice provides important information in the following areas:


______________________________________________________________

1. SOURCES OF PERSONAL DATA

2. PERSONAL DATA THAT WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

3. PERSONAL DATA OF CHILDREN

4. COOKIES/SIMILAR TECHNOLOGIES, LOG FILES AND WEB BEACONS

5. USES MADE OF YOUR PERSONAL DATA

6. DISCLOSURE OF YOUR PERSONAL DATA

7. RETENTION OF PERSONAL DATA

8. STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA

9. ACCESS TO YOUR PERSONAL DATA

10. YOUR CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR PERSONAL DATA

11.CHANGES TO OUR NOTICE

12. DATA CONTROLLERS & CONTACT

__________________________________________________________

1. SOURCES OF PERSONAL DATA

This Notice applies to Personal Data that We collect from or about you, through the methods described below (see Section 2), from the following sources:

Nestlé websites. Consumer-directed websites operated by or for Nestlé, including sites that We operate under our own domains/URLs and mini-sites that We run on third party social networks such as Facebook (“Websites”).

Nestlé mobile sites/apps. Consumer-directed mobile sites or applications operated by or for Nestlé, such as smartphone apps. This includes apps and services operated on our behalf by AVA (Pocket Coach, Inc.)

E-mail, text and other electronic messages. Electronic communications between you and Nestlé, e.g. our Consumer Engagement Centre (“CES”) or equivalents.

Offline registration forms. Printed or digital registration and similar forms that We collect via, for example, postal mail, in-store demos, contests and other promotions, or events.

Advertising interactions. Interactions with our advertisements (e.g., if you interact with on one of our ads on a third party website, we may receive information about that interaction).

Data from other sources.We may receive Personal Data (such as complaint reports) from your pharmacists, coaches or medical professionals. We may also receive Personal Data from third party social networks (e.g. such as Facebook, Google), market research (if feedback was not provided on an anonymous basis), third party data aggregators, Nestlé promotional partners, public sources and data received when we acquire other companies.

2. PERSONAL DATA THAT WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

Depending on how you interact with Nestlé (online, offline, over the phone, etc.), We collect various types of information from you, as described below. This is typically Personal Data about you.

Personal contact information. This includes any information you provide to Us that would allow Us to contact you, such as your name, postal address, e-mail address, social network details, or phone number

Account login information. Any information that is required to give you access to your specific account profile. Examples include your login ID/email address, screen name, password in unrecoverable form, and/or security question and answer.

Demographic information & interests. Any information that describes your demographic or behavioural characteristics. Examples include your date of birth, age or age range, gender, geographic location (e.g. postcode/zip code), favourite products, hobbies and interests, household or lifestyle information, activity levels (e.g. self-reported exercise type and duration), water intake and food consumption.

Information from computer/mobile device.Any information about the computer system or other technological device that you use to access one of our Websites or apps, such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access a Nestlé website or app via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data. If you connect other third party accounts or devices (e.g. Apple Healthkit, or fitness tracker devices such as a Fitbit, an Apple Watch or smart scales), We may also collect information about and from those connected accounts and devices.

Websites/communication usage information.As you navigate through and interact with our Websites, apps or newsletters, We use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is captured using automated technologies such as cookies and web beacons, and is also collected through the use of third party tracking for analytics and advertising purposes. You have the right to object to the use of such technologies; for further details please see Section 4.

Market research & consumer feedback. Any information that you voluntarily share with Us about your experience of using our products and services

Consumer-generated content. Any content that you create and then share with Us on third party social networks or by uploading it to one of our Websites or apps, including the use of third party social network apps such as Facebook. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, We collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, and third party social networking. Some of your Consumer-generated content may be Sensitive Personal Data (see below).

Third party social network information.Any information that you share publicly on a third party social network or information that is part of your profile on a third party social network (such as Facebook) and that you allow the third party social network to share with Us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share. We receive your third party social network profile information (or parts of it) every time you download or interact with a Nestlé web application on a third party social network such as Facebook, every time you use a social networking feature that is integrated within a Nestlé site (such as Facebook Connect) or every time you interact with Us through a third party social network. To learn more about how your information from a third party social network is obtained by Nestlé, or to opt-out of sharing such social network information, please visit the website of the relevant third party social network.

Communications with Chat-bots and Coaches, Coach notes, and Appointment details.When using chat-bots or interacting with coaches or other persons through the app, the content of communications and any notes made by coaches may be retained and monitored (to the extent permitted under applicable law, including with your consent where required) for service provision and improvement purposes, for compliance with applicable laws, and in connection with legal claims. We will also use details of appointments, including with pharmacists, to provide the OptiJourney programme to you; in particular, your record of whether you attended important appointments may be used to determine eligibility to continue with the programme.

Content and details of calls and emails to Consumer Engagement Services or equivalent.Communications with a CES or other consumer support team can be recorded or listened into, in accordance with applicable laws, for local operational needs (e.g. for quality or training purposes). Where required by law, you will be reminded about such recording at the beginning of a call.

Calls to Consumer Engagement Services. Communications with a CES can be recorded or listened into, in accordance with applicable laws, for local operational needs (e.g. for quality or training purposes). Payment card details are not recorded. Where required by law, you will be informed about such recording at the beginning of your call.

Sensitive Personal Data. . We process certain sensitive personal data that you provide to us for service provision, marketing or improvement purposes with your prior express consent. If we process your sensitive personal data for other purposes, we rely on the following legal bases: (i) detection and prevention of crime (including the prevention of fraud); and (ii) compliance with applicable law (e.g. to comply with our diversity reporting).

3. PERSONAL DATA OF CHILDREN

We do not knowingly solicit or collect personal data from children below the age of 13. If we discover that we have unintentionally collected personal data from a child below 13, we will remove that child’s personal data from our records promptly. However, Nestlé may collect personal data about children below the age of 13 years of age from the parent or guardian directly, and with that person’s explicit consent.


4. COOKIES/SIMILAR TECHNOLOGIES, LOG FILES AND WEB BEACONS

Cookies/Similar Technologies Please see our Cookie Notice to learn how you can manage your cookie settings and for detailed information on the cookies We use and the purposes for which We use them.

Log Files. We collect information in the form of log files that record website activity and gather statistics about your browsing habits. These entries are generated automatically, and help Us to troubleshoot errors, improve performance and maintain the security of our Websites.

Web Beacons. Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to Us. The information collected via web beacons will include information such as IP address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, which links you click on in the email, etc.). We will use web beacons on our Websites or include them in e-mails that We send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalisation


5. USES MADE OF YOUR PERSONAL DATA

The following paragraphs describe the various purposes for which We collect and use your Personal Data, and the different types of Personal Data that are collected for each purpose. Please note that not all of the uses below will be relevant to every individual.


What We use your Personal Data for Our reasons Our legitimate interests
Providing OptiJourney programme services to you. We and our partners will use your Personal Data (including health data) to determine whether you are suitable for OptiJourney, and if yes, then we use your Personal Data in order to send you more details and provide the OptiJourney programme to you, including in-app features, notifications, and coaching advice. Any consents on which we rely (in particular, to the use of health information) can be withdrawn at any time; see Section 9 below
  • Entering into and fulfilling contracts with you
  • With your consent (where required)
Consumer service. We and our partners use your Personal Data for consumer service purposes, including responding to your enquiries. This typically requires the use of certain personal contact information and information regarding the reason for your enquiry (e.g. order status, technical issue, product question/complaint, general question, etc.). If your enquiry relates to your health, or other sensitive personal data, then such data will need to be used in order to deal with your enquiry.
  • Legal obligations
  • Fulfilling contractual obligations
  • Our or third parties' legitimate interests
  • With your consent (where required)
  • Improving and developing new products and services
  • Being more efficient
  • Defending our interests or those of our partners, including enforcement of contracts or defence of legal claims
  • Compliance with legal obligations
Contests, marketing and other promotions. With your consent (where required), We use your Personal Data to provide you with information about goods or services (e.g. marketing communications or campaigns or promotions). This can be done via means such as email, ads, SMS, phone calls and postal mailings to the extent permitted by applicable laws. Some of our campaigns and promotions are run on third party websites and/or social networks. This use of your Personal Data is voluntary, which means that you can oppose (or where applicable, withdraw your consent to) the processing of your Personal Data for this purpose. For detailed information on how to modify your preferences about marketing communication, please see Sections 9 and 10 below. For more information about our contests and other promotions, please see the official rules or details posted with each contest/promotion.
  • With your consent (where required)
  • Fulfilling contractual obligations
  • Our legitimate interests
  • Working out which of our products and services may interest you and telling you about them
  • Defining types of consumers for new products or services
Third party social networks: We use your Personal Data when you interact with third party social networking features, such as “Like” functions, to serve you with advertisements and engage with you on third party social networks. You can learn more about how these features work, the profile data that We obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third party social networks.
  • With your consent (where required)
  • Our legitimate interests
  • Working out which of our products and services may interest you and telling you about them
  • Defining types of consumers for new products or services
Personalisation (offline and online). With your consent (where required), We use your Personal Data (i) to analyse your preferences and habits, (ii) to anticipate your needs based on our analysis of your profile, (iii) to improve and personalise your experience on our Websites and apps; (iv) to ensure that content from our Websites/apps is optimised for you and for your computer or device; (v) to provide you with targeted advertising and content, and (vi) to allow you to participate in interactive features, when you choose to do so. For example, We remember your login ID/email address or screen name so that you can quickly login the next time you visit our site. Based on this type of information, and with your consent (where required), We also show you specific Nestlé content or promotions that are tailored to your interests. The use of your Personal Data for these purposes is voluntary, which means that you can oppose the processing of your Personal Data for this purpose. For detailed information on how to opt-out please refer to Section 10 below.
  • With your consent (where required)
  • Fulfilling contractual obligations
  • Our or third parties' legitimate interests
  • Working out which of our products and services may interest you and telling you about them
  • Improving our products and services generally, and making those that you use easier or more interesting for you to engage with
Other general purposes (e.g. internal or market research, analytic, security). Other general purposes (e.g. internal or market research, analytics, security). In accordance with applicable laws, We use your Personal Data for other general business purposes, such as conducting internal or market research and measuring the effectiveness of advertising campaigns. We reserve the right, if you have Nestlé accounts, to reconcile those accounts into one single account. We also use your Personal Data for management and operation of our and our partners' communications, IT and security systems. The use of your Personal Data for these purposes is voluntary, which means that you can oppose the processing of your Personal Data for this purpose. For detailed information on how to object, please refer to Section 10 below.
  • With your consent (where required)
  • Our or third parties' legitimate interests
  • Monitoring, securing and improving our products, services, systems, networks, staff and operations.
Legal reasons or merger/acquisition. In the event that Nestlé or its assets are acquired by, or merged with, another company including through bankruptcy, we will share your Personal Data with any of our legal successors. We will also disclose your Personal Data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement or the terms of our Website.
  • Legal obligations
  • Our or third parties' legitimate interests
  • With your consent (where required)
  • Compliance with legal obligations
  • Protect our assets and staff, and assist our partners or other third parties to do the same

6. DISCLOSURE OF YOUR PERSONAL DATA

We share your Personal Data with the following types of third party organisations:

Pharmacies/retailers. We share your contact details with partnering pharmacies/retailers so they can contact you, e.g. to arrange a consultations with you. We may also exchange information with them in order to investigate and resolve complaints or legal matters.

Service providers. These are external companies that We use to help Us run our business (e.g. website / app development and operation, market research companies, support services, promotions, website development, data analysis, etc.).

For the OptiJourney programme, our key service provider is AVA (Pocket Coach, Inc. – see eatwithava.com) – a specialist provider of customised nutrition programmes. Through AVA (which will use a third party service provider to store and process the Personal Data), your Personal Data will also be shared with coaches so they can provide you with personalised nutrition advice.

Service providers, and their selected staff and contractors (such as coaches), are only allowed to access and use your Personal Data for the specific tasks that they have been requested to carry out, and are required to keep your Personal Data confidential and secure. Where required by applicable law, you can obtain a list of the providers processing your Personal Data (see Section 12 to contact Us).

Third party companies using Personal Data for their own marketing purposes. Except in situations where you have given your consent, We do not license or sell your Personal Data to third party companies for their own marketing purposes. Their identity will be disclosed at the time your consent is sought.

Third party recipients using Personal Data for legal reasons or due to merger/acquisition. We will disclose your Personal Data to third parties for legal reasons or in the context of an acquisition or a merger (see Section 5 for details).

7. RETENTION OF YOUR PERSONAL DATA

Nestlé takes every reasonable step to ensure that your personal data are only processed for the minimum period necessary for the purposes set out in this Privacy Notice. The criteria for determining the retention period for your Personal Data are:

(a) Nestlé will retain copies of your Personal Data in a form that allows for identification only for as long as:

    (i) We maintain an ongoing relationship with you (e.g. where you are included in our mailing list and have not unsubscribed)

   (ii) Your Personal Data are necessary in connection with the purposes set out in this Privacy Notice and we have a valid legal basis,

(b) The duration of:

    (i) any applicable limitation period (i.e. any period during which a person could bring a legal claim against us), and

   (ii) an additional 2 months following the end of the applicable limitation period (so we are able to identify any personal data of a person who may bring a claim at the end of the applicable period),

(c) In addition, if any relevant legal claims are brought, we may continue to process your Personal Data for such additional time necessary in connection with that claim

During the periods noted in paragraphs b (i) and b (ii) above, we will restrict our processing of your Personal Data to storage or, and maintaining the security of, those data, except to the extent the data need to be reviewed in connection with any claim, or any obligation under applicable law.

Once the periods in paragraphs (a), (b) and (c) above, each to the extent applicable, have concluded, we will either

    (i) permanently delete or destroy the relevant Personal Data or

   (ii) anonymise the relevant Personal Data.

8. DISCLOSURE, STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA

We use appropriate measures (described below) to keep your Personal Data confidential and secure. Please note, however, that these protections do not apply to information you choose to share in public areas such as third party social networks.


People who can access your Personal Data. Your Personal Data will be processed by our authorised staff or agents, and partners, on a need to know basis, depending on the specific purposes for which your Personal Data have been collected (e.g. our staff in charge of consumer care matters will have access to your consumer record; coaches and Pharmacists will have access to data about your health and nutrition in order to monitor progress and provide input; and analysts will have access to de-identified, aggregate data about how people use the app in order to allow Us to monitor and improve service quality).

Measures taken in operating environments. We store your Personal Data in operating environments that use reasonable security measures to prevent unauthorised access. We follow reasonable standards to protect Personal Data. The transmission of information via the Internet is, unfortunately, not completely secure and although We will do our best to protect your Personal Data, We cannot guarantee the security of the data during transmission through our Websites/apps.

Measures We expect you to take. It is important that you also play a role in keeping your Personal Data safe and secure. When signing up for an online account, please be sure to choose an account password that would be difficult for others to guess and never reveal your password to anyone else. You are responsible for keeping this password confidential and for any use of your account. If you use a shared or public device, never choose to have your login ID/email address or password remembered and make sure to log out of your account every time you leave the device. You should also make use of any privacy settings or controls We provide you in our Website/app.

Transfer of your Personal Data. Because of the international nature of our business, we may need to transfer your personal data within the Nestlé group, and to third parties as noted in Section 6 above, in connection with the purposes set out in this Privacy Notice. The storage as well as the processing of your Personal Data as described above may require that your Personal Data are ultimately transferred/transmitted to, and/or stored at, a destination outside of your country of residence (e.g. the UK) and the wider European Economic Area (“EEA”), including to countries which have different data protection standards to those which apply in the UK and wider EEA. In particular, data collected within the OptiJourney App will be stored and processed in the USA by and for AVA and the coaches supporting your OptiJourney. We (i) have put in place European Commission approved standard contractual clauses to protect your Personal Data (and you have a right to ask Us for a copy of these clauses (by contacting Us as set out below) and/or (ii) will rely on your consent (where permitted by law).

9. YOUR RIGHTS

Access to Personal Data. You have the right to access, review and request a copy of information held about you. You also have the right to request information on the sources and uses of your Personal Data.

Additional rights (e.g. modification, deletion of Personal Data). Where provided by law, you can (i) request the deletion, portability, correction or revision of your Personal Data; (ii) limit the use and disclosure of your Personal Data; and (iii) revoke consent to any of our data processing activities.

Subject to applicable law, you may also have the following additional rights regarding the use of your Relevant Personal Data:
  • the right to object, on grounds relating to your particular situation, to the use of your Personal Data by us, or on our behalf; and
  • the right to object to the Processing of your Personal Data by us, or on our behalf, for direct marketing purposes.

Please note that, in certain circumstances, We will not be able to delete your Personal Data without also deleting your user account. We may be required to retain some of your Personal Data after you have requested deletion, including to satisfy our legal or contractual obligations. We may also be permitted by applicable laws to retain some of your Personal Data to satisfy our business needs.

These rights can be exercised by sending Us an e-mail UKI.Dataprotection@uk.nestle.com or writing to us at Data Protection Nestle UK&I, Legal Department, 1 City Place, Gatwick, RH6 0PA, attaching a copy of your ID or equivalent details (where requested by Us and permitted by law). If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected. Please note that any identification information provided to Us will only be processed in accordance with, and to the extent permitted by applicable laws.

Where available, our Websites have a dedicated feature through which you can review and edit the Personal Data that you have provided. Please note that We require our registered consumers to verify their identity (e.g. login ID/email address, password) before they can access or make changes to their account information. This helps prevent unauthorised access to your account.

We hope that We can satisfy queries you may have about the way we process your Personal Data. However, if you have unresolved concerns you also have the right to complain to competent data protection authorities

10. YOUR CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR PERSONAL DATA

We strive to provide you with choices regarding the Personal Data that you provide to Us. The following mechanisms give you the following control over your Personal Data:

Cookies/Similar TechnologiesYou manage your consent via (i) our consent management solution or (ii) your browser or device so as to refuse all or some cookies/similar technologies, or to alert you when they are being used. Please see Section 4 above.

Advertising, marketing and promotions. You can consent for your Personal Data to be used by Us to promote its products or services through tick-box(es) located on the registration forms or by answering the question(s) presented by our CES representatives. If you decide that you no longer wish to receive such communications, you can subsequently unsubscribe from receiving marketing-related communications at any time, by following the instructions provided in each such communication. To unsubscribe from marketing communications sent by any medium, including third party social networks, you can opt-out at any time by unsubscribing through links available in our communications, logging into the Websites/apps or third party social networks and adjusting your user preferences in your account profile by unchecking the relevant boxes or by calling our CES. Please note that, even if you opt-out from receiving marketing communications, you will still receive administrative communications from Us, such as order or other transaction confirmations, notifications about your account activities (e.g. account confirmations, password changes, etc.), and other important non marketing related announcements.

Targeted Advertising. We partner with ad networks and other ad serving providers (“Advertising Providers”) that serve advertising on behalf of Us and other non-affiliated companies on the Internet.  Some of those advertisements are tailored to your interests based on information collected on Nestlé sites or on non-affiliated websites over time.  You can visit www.aboutads.info/choices to learn more about this type of advertising, as well as about how to opt-out of interest-based advertising practices from companies that participate in the Digital Advertising Alliance’s (“DAA”) self-regulatory program. Additionally, you can opt-out of this type of advertising in mobile applications from companies that participate in the DAA’s AppChoices app by downloading the app from the iOS or Android app store.  You can also stop the collection of precise location data from a mobile device by accessing your device location service settings.

11. CHANGES TO THIS NOTICE

If We change the way We handle your Personal Data, We will update this Notice. We reserve the right to make changes to our practices and this Notice at any time, please check back frequently to see any updates or changes to our Notice.

12. DATA CONTROLLERS & CONTACT

To ask questions or make comments on this Notice and our privacy practices or to make a complaint about our compliance with applicable privacy laws, please contact Us at: Email nestlehealthscience@uk.nestle.com or writing to us at Nestlé Consumer Services, PO Box No 203, York, YO91 1XY or call on [UK) 00800 68874846 (ROI) 00800 6378 5385.

You can also contact our Data Protection contact via email at: UKI.Dataprotection@uk.nestle.com or post: Data Protection Nestle UK&I, Legal Department, 1 City Place, Gatwick, RH6 0PA

We will acknowledge and investigate any complaint about the way We manage Personal Data (including a complaint that We have breached your rights under applicable privacy laws).

 

Data controllers

Responsible for

Nestlé Health Science Headquarters, a division of Nestle UK Ltd

1 City Place 
Gatwick 
RH6 0PA

All activities