Danone knows that you value the way in which your personal data is processed and recognizes the importance of protecting your privacy.
This Privacy and Data Protection Policy (hereinafter the “Policy”) explains how Danone collects and processes your personal data. It contains information about the type of data we collect, how we process it, and for what purposes, in order to ensure it is used in a way that best meets your needs.
Contact us on firstname.lastname@example.org if you have any queries, requests or comments, or if you want to exercise one of the rights associated with the processing of your data.
For the purposes of the Policy, the following terms are defined as follows:
- “Service(s)”: all the products and services accessible online or via customer services, the mobile apps, etc., whether paid or not;
- “Mobile App(s)”: refers to any software, application, widget, or plug-in downloaded to a mobile device (smartphone, tablet, laptop, or any device that has an operating system that allows you to download, install, operate, and update said applications). If the Mobile App has notification or location features, please refer to sections 3.6 and 3.7 below.
- “We” and “Our”: refers to any company owned or operated, either directly or indirectly, by any company in which BLEDINA holds a stake and which may collect or process your personal data or cookies, as well as their respective service providers located in France or abroad.
- “You” and “Your”: refers to any user of our Services, or with access to paid or free Services.
This Policy was last updated on February 23, 2018.
BASIC PRINCIPLES – OUR PRIVACY COMMITMENT
Danone undertakes to process personal data in accordance with the regulations applicable to the protection of personal data and privacy, in particular in accordance with the Regulation (EU) 2016/679 adopted on April 27, 2016 relating to the protection of individuals when it comes to the processing of personal data and the free movement of such data (hereinafter “the Regulation”). We are committed to the following principles:
- you have no obligation to provide us with the personal data we request from you. However, some of this data may be required to access certain Services. As such, if you decide not to provide us with this data, you may not have access to some of our Services;
- we collect and process your data solely for the purposes described in this Policy or for specific purposes that we have informed you about and/or for which you have given your consent;
- our approach is to minimize the collection of personal data: i.e. only collecting the personal data necessary for the processing and uses we have in mind, and not collecting data in a superfluous way;
- if the personal data in our possession is no longer useful for the personal data processing that we carry out, and no legal obligation requires us to keep it, we will do everything in our power to remove, destroy or anonymize it.
WHAT PERSONAL DATA DO WE COLLECT?
The personal data we collect varies according to the purpose of the collection and the Service we are providing to you.
In general, the personal data we tend to collect directly usually falls into the following categories:
- a) personal details, such as your first and last name,
- b) browsing history, such as pages viewed, the date of the visit, location during the visit, or the IP address;
We may also indirectly collect personal data about you when:
- a) you share content on social media pages, websites or apps related to our products or responding to our posts or promotional ads on social media.
FOR WHAT PURPOSES DO WE COLLECT YOUR PERSONAL DATA?
We collect your personal data to provide you with the best online experience and a quality service and browsing experience. In particular, we may collect, retain, use and disclose your personal data for the following purposes:
- a) to process and respond to your inquiries and to contact you to answer these your queries and/or requests;
- b) to develop and improve our products, services, communication methods and the functionality of our websites, apps and services;
- c) for internal training or to ensure the quality of our services;
- d) to better understand and evaluate the points of interest and desires of consumers and the changes that are necessary for them, in order to improve our websites/apps, our Services and/or to develop new products and services;
We may also need your personal data to fulfill legal obligations or as part of the contractual relationship with you.
When we collect and use your personal data for the purposes mentioned below or for any other request, we will inform you before or at the time of collection.
Where necessary, we will seek your consent to process your personal data. If you have consented to the processing of your personal data, you have the right to withdraw that consent at any time.
When we process your personal data, you are eligible for a number of rights that you can exercise at any time. Below is an overview of these rights and what they mean for you.
The right to access and rectify your personal data
It is important to us that the personal data we hold about you is accurate, up to date, complete, relevant and not misleading. To ensure we fulfill this commitment, you have the right to access, rectify or update your personal data at any time.
The right to data portability
You have the right to obtain your personal data in a structured, commonly used and machine readable format if we have processed your personal data on the following grounds:
- a) you have given us your consent to process your personal data for a purpose or objective that we communicated to you beforehand;
- b) we processed your personal data to facilitate a business transaction, such as providing you with the products and/or services you have ordered;
- c) we processed your personal data using automated means (such as profiling).
The right to be forgotten
You have the right to request the erasure of your personal data when:
- a) your personal data is no longer necessary for the purpose(s) for which we originally collected it; or
- b) you are withdrawing the consent you previously gave us to process your personal data, provided that there is no other legal basis for us to continue processing your personal data; or
- c) you object to us processing your personal data for direct marketing purposes; or
- d) you object to us processing your personal data for the legitimate interests of Danone (such as improving the overall user experience on our websites); or
- e) the personal data has been unlawfully processed; or
- f) your personal data must be erased in order to comply with legislation in force.
If you wish to delete personal data that we hold about you, please let us know and we will take reasonable steps to respond to your request in accordance with the legal requirements.
If the personal data we collect is no longer necessary for any purpose and there is no legal obligation for us to keep it, we will do our utmost to delete, destroy or anonymize said data.
The right to restrict the processing of your data
You have the right to request the restriction or suppression of your personal data if:
- a) You believe that the personal data we have about you is inaccurate; or
- b) The personal data has been unlawfully processed, and you prefer that we restrict its processing instead of erasing the data; or
- c) We no longer need your personal data for the purposes for which we collected it, but you need the data to be kept in order to establish, exercise or defend a legal claim; or
- d) You have objected to us processing your personal data and are waiting to see whether your interests related to this objection override the legitimate grounds pursued by Danone.
If you wish to restrict our processing of your personal data, please let us know and we will take reasonable steps to respond to your request in accordance with the legal requirements.
The right to object to the processing of your personal data
You have the right to object to the processing of your personal data at any time.
The right to file a complaint with a supervisory authority
You have the right to file a complaint directly with a supervisory authority, such as the CNIL, regarding the way in which we process your personal data.
HOW DO WE PROTECT YOUR PERSONAL DATA?
We are fully aware of the importance of keeping your personal data secure. We make every effort to protect your personal information from misuse, interference, damage, unauthorized access, modification and disclosure. We have implemented numerous security measures to help you protect your personal data. In particular, we use access controls, firewalls and secure servers, and we encrypt personal data.
SHARING YOUR PERSONAL DATA:
When we share your personal data with our affiliates or other organizations, we make sure that we do so only with organizations that have a substantial system for data storage and security, and which obey the laws relating to the protection of privacy, under conditions equivalent to those we apply.
Your personal data will not be shared, sold, rented or disclosed for any purposes other than those described in the Policy. We may, however, transmit your data for purposes other than those stipulated in the Policy, in cases where its disclosure is required by law and government authorities.
INTERNATIONAL TRANSFERS OF YOUR DATA:
Personal data may be processed outside the European Economic Area (EEA). If this is the case, Danone will make every effort to ensure that this international data transfer has an adequate level of security and associated safeguards.
The safeguards we use to protect international data transfers include:
- a) standard data protection clauses in the form of template transfer clauses validated by the European Commission. These standard clauses are an adequate safeguard as they ensure compliance with the relevant security levels as required by data protection rules, and in particular with regard to the Regulation (the aforementioned rules and the Regulation are hereinafter referred to together as the “Regulations”); or
- b) by certification mechanisms used to certify that third parties outside the EEA process personal data in a manner that complies with the Regulations. These certifications must be approved either by the European Commission, or by the competent supervisory authority under the Regulation, or by the national accreditation body designated in accordance with the Regulation.
AUTOMATED INDIVIDUAL DECISION MAKING AND PROFILING
We may use your personal information in automatic individual decision making, including profiling for certain Services. We will inform you of our intention to apply these methods and will give you the opportunity to object to them beforehand. You can also contact us on email@example.com to receive more information about this type of processing.
COOKIES AND OTHER TECHNOLOGIES
- a) information about your device’s browser and the operating system you are using;
- b) the IP address of the device you are using;
- c) the web pages you view;
- d) the links you click while you interact with our services.
If you have any questions, comments or complaints regarding this Policy, or the processing of your personal data, please contact us on firstname.lastname@example.org