We know that data privacy is a top issue today, and we want you to enjoy your interaction with us whilst knowing that we value your Personal Data and that we protect it.
Here you will find an overview of how we process your Personal Data, the purposes for which we process it, and how you benefit. You’ll also see what your rights are and how you can contact us.
Updates to this Privacy Notice Aged under 13? What data do we collect? Why do we process your Personal Data? Who can access your Personal Data and why? Transfer of your personal data What are your rights over your Personal Data? Data security and retention Contact us Of course, if you want more details, you can read the full Privacy Notice.
1. Updates to this Privacy Notice
As business and technology evolves, we might need to change this Privacy Notice. We encourage you to regularly review this Privacy Notice to make sure you are up-to-date with how Nestlé is using your Personal Data.
2. Aged under 13?
If you’re under the age of 13 we kindly ask you to wait to be a bit older to interact with us or ask a parent or guardian to contact us! We can’t collect and use your Personal Data without their agreement.
We also do not knowingly solicit or collect personal data from children under the age of 18 for the specific purposes of marketing communications.
3. What data do we collect?
The Personal Data that you give to us, e.g., when you create an account, make a purchase, login on our websites, contact us, provide feedback, fill in a form, send us an email , call us, share content on a Nestlé site or publicly share information about Nestlé on social media. The data that we create (e.g., when you make a purchase, and data that is collected automatically when you access one of our websites or apps, e.g., IP address, device ID, what browser you use or how you interact with Nestlé sites before or after having a Nestlé account. You can see our Cookies notice for more information on these technologies. Data collected from other legitimate sources such as Nestlé promotional partners, from public sources, data from your interaction with our advertising, or Personal Data that is part of your profile on a social network and that you have made available to us. Find out more: Personal data that we collect about you and how we collect it
4. Why do we process your Personal Data? We process your Personal Data, including any sensitive personal data that you have provided to us with your consent, to communicate with you, fulfil your purchase orders, answer your queries and provide you with communications about Nestlé and our products. We also process your Personal Data in order to help us comply with the law, to sell or transfer any relevant part of our business, to manage our systems and finances, to conduct investigations and to exercise legal rights. We combine your Personal Data from all sources so that we can understand you better to improve and personalise your experience when interacting with us.
Find out more: Uses made of your personal data
5. Who can access your Personal Data and why?
We limit the disclosure of your Personal Data to others, however we do need to disclose your Personal Data in certain instances and mainly to the following recipients:
Companies within the Nestlé Group, where required for our legitimate interests or with your consent; Third parties engaged by us to provide services such as administering Nestlé websites, applications and services (e.g. features, programs, and promotions) available to you, subject to appropriate protections; Credit reporting agencies/debt collectors, where permitted by the law and if we need to verify your creditworthiness (e.g. if you choose to order with invoice) or collect outstanding invoices; and Relevant public agencies and authorities, if required to do so by law or a legitimate business interest. Find out more: Disclosure of your personal data
6. Transfer of your personal data
We may process your Personal Data outside of the country in which you are based (including countries outside the European Economic Area) for the purposes set out in this notice. When we transfer your Personal Data to other countries, we take reasonable steps to ensure that applicable laws are being followed.
Find out more: Storage and/or transfer of your personal data 7. What are your rights over your Personal Data? Whenever we ask you to provide us with any Personal Data, you will be told why we need it and how it will be used. Your Personal Data will only be processed for the purposes set out in our Privacy Notice, or any other further purposes notified to you before the processing begins. If you choose not to provide Personal Data when we ask you, this may limit the services we can offer you. For example, if you do not provide your address, we cannot deliver your order. If you share Personal Data with us, you have a right to (i) request access (i.e. to ask us what data we have about you, and obtain a copy), (ii) ask for changes to be made or (iii) to have the data deleted. This can be done by logging into your account or contacting us. You can also opt-out of marketing communications by (i) clicking on the “unsubscribe” link provided in each email/SMS you might receive; (ii) changing preferences via your account or by contacting us. For cookies and similar technologies, you can manage your preferences through our Cookie Consent Tool in the bottom right corner of your screen and find more information in our Cookies notice. You may also have the right to (i) request the transfer of your Personal Data to another company; or to (ii) object to the processing of your Personal Data in certain circumstances. You can make a complaint If you are concerned about a possible interference with your privacy or misuse of your Personal Data by us you can contact us to make a complaint. We hope we can satisfy queries you may have about the way we process your Personal Data. However, if you have unresolved concerns you also have the right to complain to competent data protection authorities. Find out more: Your rights
8. Data security and retention
We use a variety of measures to keep your Personal Data confidential and secure, including restricting access to your Personal Data on a need to know basis and following appropriate security standards to protect your data.
We take every reasonable step to ensure that your Personal Data is only processed for the minimum period necessary in connection with: (i) the purposes set out in this Privacy Notice; (ii) any additional purposes notified to you at or before the time of collection of the relevant Personal Data or commencement of the relevant processing; or (iii) as required or permitted by applicable law; and thereafter, for the duration of any applicable limitation period. In short, once your Personal Data is no longer required, we will destroy or delete it in a secure manner.
Find out more: Retention of personal data
9. Contact us Nestlé S.A and the relevant Nestlé entity in your country of residence acts as “controllers” of your Personal Data that is processed under, or in connection with, this Privacy Notice. If you have any questions or comments regarding this Privacy Notice or Nestlé’s Personal Data collection and processing practices, please contact us, or email firstname.lastname@example.org or mail us at:
Data Protection Office Nestlé S.A. Avenue Nestlé 55 1800 Vevey Switzerland
For more information, read the full Privacy Notice.
Nestlé websites. Consumer-directed websites operated by or for Nestlé, including sites that We operate under our own domains/URLs and mini-sites that We run on third party social networks such as Facebook (“Websites”).
Nestlé mobile sites/apps. Consumer-directed mobile sites or applications operated by or for Nestlé, such as smartphone apps.
E-mail, text and other electronic messages. Interactions with electronic communications between you and Nestlé.
Nestlé CES. Communications with our Consumer Engagement Centre (“CES”).
Offline registration forms. Printed or digital registration and similar forms that We collect via, for example, postal mail, in-store demos, contests and other promotions, or events.
Advertising interactions. Interactions with our advertisements (e.g., if you interact with on one of our ads on a third party website, we may receive information about that interaction).
Data We create. In the course of our interactions with you, we may create Personal Data about you (e.g. records of your purchases from our websites).
Data from other sources. Third party social networks (e.g. such as Facebook), advertising networks (e.g. such as Google), market research (if feedback not provided on an anonymous basis), third party data aggregators, Nestlé promotional partners, public sources and data received when we acquire other companies.
Personal contact information. This includes any information you provide to Us that would allow Us to contact you, such as your name, postal address, e-mail address, social network details, or phone number.
Account login information. Any information that is required to give you access to your specific account profile. Examples include your login ID/email address, screen name, password in unrecoverable form, and/or security question and answer.
Demographic information & interests. Any information that describes your demographic or behavioural characteristics. Examples include your date of birth, age or age range, gender, geographic location (e.g. postcode/zip code), favourite products, hobbies and interests, and household or lifestyle information.
Information from computer/mobile device. Any information about the computer system or other technological device that you use to access one of our Websites or apps, such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access a Nestlé website or app via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data.
Websites/communication usage information. As you navigate through and interact with our Websites or newsletters, We use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is captured using automated technologies such as cookies and web beacons, and is also collected through the use of third party tracking for analytics and advertising purposes. You have the right to object to the use of such technologies, for further details please see Section 4.
Market research & consumer feedback. Any information that you voluntarily share with Us about your experience of using our products and services.
Consumer-generated content. Any content that you create and then share with Us on third party social networks or by uploading it to one of our Websites or apps, including the use of third party social network apps such as Facebook. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, We collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, and third party social networking.
Third party social network information. Any information that you share publicly on a third party social network or information that is part of your profile on a third party social network (such as Facebook) and that you allow the third party social network to share with Us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share. We receive your third party social network profile information (or parts of it) every time you download or interact with a Nestlé web application on a third party social network such as Facebook, every time you use a social networking feature that is integrated within a Nestlé site (such as Facebook Connect) or every time you interact with Us through a third party social network. To learn more about how your information from a third party social network is obtained by Nestlé, or to opt-out of sharing such social network information, please visit the website of the relevant third party social network.
Payment and Financial information. Any information that We need in order to fulfil an order, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if such are made available). In any case, We or our payment processing provider(s) handle payment and financial information in a manner compliant with applicable laws, regulations and security standards such as PCI DSS.
Calls to Consumer Engagement Services. Communications with a CES can be recorded or listened into, in accordance with applicable laws, for local operational needs (e.g. for quality or training purposes). Payment card details are not recorded. Where required by law, you will be informed about such recording at the beginning of your call.
Sensitive Personal Data. We do not seek to collect or otherwise process sensitive personal data in the ordinary course of our business. Where it becomes necessary to process your sensitive personal data for any reason, we rely on your prior express consent for any processing which is voluntary (e.g. for marketing purposes). If we process your sensitive personal data for other purposes, we rely on the following legal bases: (i) detection and prevention of crime (including the prevention of fraud); and (ii) compliance with applicable law (e.g. to comply with our diversity reporting).
Log Files. We collect information in the form of log files that record website activity and gather statistics about your browsing habits. These entries are generated automatically, and help Us to troubleshoot errors, improve performance and maintain the security of our Websites.
Web Beacons. Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to Us. The information collected via web beacons will include information such as IP address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, which links you click on in the email, etc.). We will use web beacons on our Websites or include them in e-mails that We send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalisation.
Service providers. These are external companies that We use to help Us run our business (e.g. order fulfilment, payment processing, fraud detection and identity verification, website operation, market research companies, support services, promotions, website development, data analysis, CRC, etc.). Service providers, and their selected staff, are only allowed to access and use your Personal Data on Our behalf for the specific tasks that they have been requested to carry out, based on our instructions, and are required to keep your Personal Data confidential and secure. Where required by applicable law, you can obtain a list of the providers processing your Personal Data (see Section 12 to contact Us).
Credit reporting agencies/debt collectors. To the extent permitted by applicable law, credit reporting agencies and debt collectors are external companies that We use to help Us to verify your creditworthiness (in particular for orders with invoice) or to collect outstanding invoices.
Third party companies using Personal Data for their own marketing purposes. Except in situations where you have given your consent, We do not license or sell your Personal Data to third party companies for their own marketing purposes. Their identity will be disclosed at the time your consent is sought.
For example, we may share with Meta Platforms Ireland Limited (“Meta”) certain data regarding actions that you take on our Websites such as your visits to our Websites, your interactions on our Websites, use of Facebook Connect and information collected from cookies or similar technologies including the Facebook pixel. This allows us to measure the effectiveness of our advertising, improve our marketing practices, and helps us deliver more relevant advertising to you and people like you (including on social media such as Facebook). We are a joint data controller with Meta for this processing. This agreement means that we must provide you with this notice, but you should contact Meta if you wish to exercise your data protection rights. Further information, including how Meta enables you to exercise your data protection rights, and subsequently processes your information as independent data controller can be found in Meta’s Data Policy, which is accessible at www.facebook.com/about/privacy.
Third party recipients using Personal Data for legal reasons or due to merger/acquisition. We will disclose your Personal Data to third parties for legal reasons or in the context of an acquisition or a merger (see Section 5 for details).
(a) Nestlé will retain copies of your Personal Data in a form that allows for identification only for as long as:
(i) We maintain an ongoing relationship with you (e.g. where you are included in our mailing list and have not unsubscribed); (ii) Your Personal Data is necessary in connection with the purposes set out in this Privacy Notice and we have a valid legal basis, Plus
(b) The duration of: (i) any applicable limitation period (i.e. any period during which a person could bring a legal claim against us), and (ii) an additional 2 months following the end of the applicable limitation period (so we are able to identify any personal data of a person who may bring a claim at the end of the applicable period),
(c) In addition, if any relevant legal claims are brought, we may continue to process your Personal Data for such additional time necessary in connection with that claim.
During the periods noted in paragraphs b(i) and b(ii) above, we will restrict our processing of your Personal Data to storage or, and maintaining the security of, those data, except to the extent the data need to be reviewed in connection with any claim, or any obligation under applicable law.
Once the periods in paragraphs (a), (b) and (c) above, each to the extent applicable, have concluded, we will either (i) permanently delete or destroy the relevant Personal Data or (ii) anonymise the relevant Personal Data.
People who can access your Personal Data. Your Personal Data will be processed by our authorised staff or agents, on a need to know basis, depending on the specific purposes for which your Personal Data have been collected (e.g. our staff in charge of consumer care matters will have access to your consumer record).
Measures taken in operating environments. We store your Personal Data in operating environments that use reasonable security measures to prevent unauthorised access. We follow reasonable standards to protect Personal Data. The transmission of information via the Internet is, unfortunately, not completely secure and although We will do our best to protect your Personal Data, We cannot guarantee the security of the data during transmission through our Websites/apps.
Measures We expect you to take. It is important that you also play a role in keeping your Personal Data safe and secure. When signing up for an online account, please be sure to choose an account password that would be difficult for others to guess and never reveal your password to anyone else. You are responsible for keeping this password confidential and for any use of your account. If you use a shared or public computer, never choose to have your login ID/email address or password remembered and make sure to log out of your account every time you leave the computer. You should also make use of any privacy settings or controls We provide you in our Website/app.
Transfer of your Personal Data. The storage as well as the processing of your Personal Data as described above may require that your Personal Data are ultimately transferred/transmitted to, and/or stored at, a destination outside of your country of residence, notably Switzerland, Amsterdam and the USA. We may also transfer your Personal Data to countries outside the European Economic Area (“EEA”) (e.g. other Nestlé entities) including to countries which have different data protection standards to those which apply in the EEA. We (i) have put in place European Commission approved standard contractual clauses to protect your Personal Data (and you have a right to ask Us for a copy of these clauses (by contacting Us as set out below) and/or (ii) will rely on your consent (where permitted by law).
These rights can be exercised by contacting Us or writing to us at Nestlé S.A, Avenue Nestlé 55, 1800 Vevey, Switzerland, attaching a copy of your ID or equivalent details (where requested by Us and permitted by law). If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected. Please note that any identification information provided to Us will only be processed in accordance with, and to the extent permitted by applicable laws.
Additional rights (e.g. modification, deletion of Personal Data). Where provided by law, you can (i) request deletion, the portability, correction or revision of your Personal Data; (ii) limit the use and disclosure of your Personal Data; and (iii) revoke consent to any of our data processing activities.
Subject to applicable law, you may also have the following additional rights regarding the use of your Relevant Personal Data:
the right to object, on grounds relating to your particular situation, to the use of your Relevant Personal Data by us, or on our behalf; and the right to object to the Processing of your Relevant Personal Data by us, or on our behalf, for direct marketing purposes. Please note that, in certain circumstances, We will not be able to delete your Personal Data without also deleting your user account. We may be required to retain some of your Personal Data after you have requested deletion, to satisfy our legal or contractual obligations. We may also be permitted by applicable laws to retain some of your Personal Data to satisfy our business needs.
Where available, our Websites have a dedicated feature through which you can review and edit the Personal Data that you have provided. Please note that We require our registered consumers to verify their identity (e.g. login ID/email address, password) before they can access or make changes to their account information. This helps prevent unauthorised access to your account.
We hope that We can satisfy queries you may have about the way we process your Personal Data. However, if you have unresolved concerns you also have the right to complain to competent data protection authorities.
Cookies/Similar Technologies. You manage your consent via (i) our consent management solution or (ii) your browser so as to refuse all or some cookies/similar technologies, or to alert you when they are being used. Please see Section 4 above.
Advertising, marketing and promotions. You can consent for your Personal Data to be used by Nestlé to promote its products or services through tick-box(es) located on the registration forms or by answering the question(s) presented by our CES representatives. If you decide that you no longer wish to receive such communications, you can subsequently unsubscribe from receiving marketing-related communications at any time, by following the instructions provided in each such communication. To unsubscribe from marketing communications sent by any medium, including third party social networks, you can opt-out at any time by unsubscribing through links available in our communications, logging into the Websites/apps or third party social networks and adjusting your user preferences in your account profile by unchecking the relevant boxes or by calling our CES. Please note that, even if you opt-out from receiving marketing communications, you will still receive administrative communications from Us, such as order or other transaction confirmations, notifications about your account activities (e.g. account confirmations, password changes, etc.), and other important non marketing related announcements.
Personalization (offline and online): Where required by law, if you wish to have your Personal Data used by Nestlé to provide you with a personalized experience/targeted advertising & content, you can indicate so through the relevant tick-box(es) located on the registration form or by answering the question(s) presented by our CES representatives. If you decide that you no longer wish to benefit from this personalization, you can opt-out at any time by logging into the Websites/apps and adjusting your user preferences in your account profile by unchecking the relevant boxes or by calling our CES.
Targeted Advertising. We partner with ad networks and other ad serving providers (“Advertising Providers”) that serve advertising on behalf of Us and other non-affiliated companies on the Internet. Some of those advertisements are tailored to your interests based on information collected on Nestlé sites or on non-affiliated websites over time. You can visit YourAdChoices website to learn more about this type of advertising, as well as about how to opt-out of interest-based advertising practices from companies that participate in the Digital Advertising Alliance’s (“DAA”) self-regulatory program. Additionally, you can opt-out of this type of advertising in mobile applications from companies that participate in the DAA's AppChoices app by downloading the app from the iOS or Android app store. You can also stop the collection of precise location data from a mobile device by accessing your device location service settings.
You can also contact our Data Protection Office via email at email@example.com or Data Protection Office at Nestlé S.A, Avenue Nestlé 55, 1800 Vevey, Switzerland.
We will acknowledge and investigate any complaint about the way We manage Personal Data (including a complaint that We have breached your rights under applicable privacy laws).