Privacy policy
Nutricia Ltd knows that you care how your personal data is used and we recognize the importance of protecting your privacy.
This Privacy Policy explains how Nutricia Ltd., a subsidiary of Danone S.A. (“Nutricia”, “we”, “our”, “us”), acting as the Data Controller, collects and manages your personal data. It contains information on the data we collect, how we use it, why we need it and how it can benefit you.
Contact us at Data Protection Officer, Nutricia Ltd. Newmarket House, Newmarket Avenue, White Horse Business Park, Trowbridge, Wiltshire, BA14 0XQ or click if you have any queries and comments about this Privacy Policy, or if you want to make a request regarding any of your data subject rights.
This Privacy Policy was last updated on May 10, 2021.
Table of contents
- Basic principles and our privacy commitment
- What personal data do we collect?
- How do we collect your personal data?
- Why do we collect and use your personal data?
- Your rights
- How long do we retain your personal data?
- How we protect your personal data
- Sharing of your personal data
- Changes to this privacy policy
- How to contact us
Basic principles and our privacy commitment
Nutricia is committed to protecting your right to privacy. We aim to protect any personal data we hold, to manage your personal data in a responsible way and to be transparent in our practices. Your trust is important to us. We have therefore committed ourselves to the following basic principles:
- You have no obligation to provide any personal data requested by us except as required by law or to perform any contract we have with you or are entering into with you. However, if you choose not to provide any personal data requested by us, we may not be able to provide you with some services or products.
- We only collect and process your data for the purposes set out in this Privacy Policy or for specific purposes that we share with you and/or that you have consented to.
- We aim to collect, process and use as little personal data as possible for the purposes as described in this Privacy Policy.
- When we do collect your personal data, we aim to keep it as accurate and up to date as possible.
- If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it at the earliest opportunity.
- Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Policy.
What personal data do we collect?
By personal data, we refer to any information about a person from which that person can be identified. This does not include data for which the identity has been deleted (anonymous data).
The personal data we collect varies depending upon the purpose of the collection and the product or service we are providing you.
Nutricia may collect and use some or all of the following categories of personal data from you directly for the purposes as described in this Privacy Policy:
a) Identity data includes your first and last name, username, title or similar identifier.
b) Contact data includes your email address and address (delivery/billing) and telephone numbers (including when you contact us via phone or WhatsApp).
c) Account data includes your account login details, such as your e-mail address, username and password. This is necessary to create a personal account on our website and online communities.
d) Profile data includes details of communications with us, which may include details of our conversations via the Careline (phone, email, Live Chat, WhatsApp or web forms) or direct message from social media pages; purchases or orders made by you, your feedback and survey responses and your interests and lifestyle preferences. Lifestyle preferences may include your preferences relating to our products and services, and your interests related to those products and services, for example, which products you are interested in or are using. We may combine this data with information we already hold about you or collect via another channel, e.g. where you are a member of the baby club and you contact us via the Careline. We will combine this information for the purposes described below under the legal grounds of legitimate interests.
e) Demographic and parental information, such as your age, gender, your expected due date (EDD) or baby’s birth date.
f) Technical data includes browser history, such as pages accessed, date of access, location when accessed, and internet protocol (IP) address.
g) Health data includes information related to your maternal or baby’s health. We will only process information about you that relates to health if you have given your consent for us to do so and if the processing is necessary for the purposes set out in the Privacy Policy. If you provide this type of information to us, we will use it to provide you with information relating to your particular circumstance and we may create notes about your health which assist our staff in responding to this.
h) Financial data includes your bank account, payment card or billing details.
i) Transaction data includes details about payments to and from you and other details of products and services you have purchased from us.
j) Third Party data includes information about people other than you, such as personal data about your family members, when you provide such information directly to us.
k) Social media profiles if you contact us via our social media pages.
l) Usage data includes information about how you use our website, products and services.
m) Marketing data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
How do we collect your personal data?
We collect your personal data directly from you via the following sources. This collection includes when:
a) you communicate with us via post, email, chat, phone (including our Careline and/or customer service lines), WhatsApp or otherwise;
b) you interact with us on our Nutricia websites and apps, including when you register for an account with Nutricia, or send or post queries or comments;
c) you apply for our products or services;
d) you fill in one of our forms (both online and offline);
e) you subscribe to our service or publications;
f) you enter or participate in a competition, promotion, survey or research activity;
g) you request for marketing communications or other promotional materials to be sent to you; or
h) you give us feedback or contact us.
We may also collect personal data about you indirectly when:
a) you share content on social media pages, websites or applications related to our products or in response to our promotional material on social media;
b) we may collect personal data about you from information collected by other websites (for instance, we may place an ad on a third party website, and when you click on that ad, we may receive information about you and other website visitors in order to measure the reach and success of that ad).
c) we may collect data about when you open an email or click on a link in one. This allows us to see how well our communications with you are performing.
d) you sign up to Aptaclub via a third party website and consent to receive personalised content and communications from us.
Why do we collect and use your personal data?
We collect your personal data so we can perform any contract we have with you; provide you with the best online experience; and to provide you with a high quality of customer service.
In particular we may collect, hold, use and disclose your personal data for the following purposes as set out in the table below and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
When we collect and use your personal data on the legal basis of our legitimate interests, we believe the risk to your data protection rights in connection with personal data is not excessive or overly intrusive. We have also put in place protections for your rights by ensuring proper retention periods and security controls.
We may also need your personal data to comply with legal obligations or in the context of a contractual relationship that we have with you.
When we collect and use your personal data for other or new purposes, we will inform you before or at the time of collection unless we reasonably consider that we need to use your personal data for another reason and that reason is compatible with the original purpose of collection as detailed above.
Where legally required to do so or where appropriate, we will ask for your consent to process the personal data. Where you have given consent for processing activities, you have the right to withdraw your consent at any time. If you wish to withdraw your consent, please see the Your Rights section as set out below.
Marketing
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. Where legally required to do so or where appropriate, we will ask for your consent to process your personal data for marketing purposes.
You will only receive marketing communications from us if you have opted in to receiving that marketing or if you requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for our marketing purposes.
Opting out
You can ask us or our third parties to stop sending you marketing messages at any time by visiting the update my details page and changing your preferences, or by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.
You have the right to withdraw your consent at any time by informing us of your decision. If you wish to withdraw your consent, please see the Your Rights section as set out below.
Your rights
Where we process your personal data, you are entitled to a number of rights and can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. You can change your preferences any time by visiting the update my details page.
Some of these rights only apply in certain circumstances and so are not guaranteed or absolute rights. Please contact our Data Protection Officer if you have any questions about your rights.
The right to access your personal data and correction
You have the right to access, correct or update your personal data at any time. We understand the importance of this and should you want to exercise your rights, please contact us via this link.
The right to data portability
Your personal data is portable. This means it can be moved, copied or transmitted electronically. However, this right only applies where:
a) The processing is based on your consent;
b) The processing takes place for the performance of a contract; or
c) The processing takes place by automated means.
If you wish to exercise your right to data portability, please contact us via this link.
The right to deletion of your personal data
You have the right to request that we delete your data if:
a) your personal data is no longer necessary in relation to the purposes for which we collected it; or
b) you withdraw the consent that you had previously given us to process your personal data, and there is no other legal ground to process that personal data; or
c) you object to us processing your personal data for direct marketing purposes; or
d) you object to us processing your personal data for Nutricia’s legitimate interests (such as improving overall user experience on websites);
e) the personal data is not being processed lawfully; or
f) your personal data needs to be deleted to comply with the law.
If you wish to delete the personal data we hold about you, you can login to delete your account. Alternatively, you can contact the Careline during office hours which are 8am – 8pm Monday - Friday. We will respond to your request in accordance with our legal requirements.
If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently anonymise it. Data for baby club membership will be retained for a maximum period of 3 years 9 months depending on the time in which baby club membership is first registered. For more information on our retention periods, please see HOW LONG DO WE RETAIN YOUR PERSONAL DATA section below.
The right to restriction of processing
You have the right to restrict the processing of your personal data if:
a) you do not believe the personal data we have about you is accurate; or
b) the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or
c) we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims; or
d) you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data.
If you wish to restrict our processing of your personal data, please contact us via this link and we will respond to your request in accordance with our legal obligations.
The right to object
You have the right to object to the processing of your personal data at any time. Please contact us via this link.
The right to withdraw consent
Where legally required to do so, we will ask for your consent to process the personal data. When we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time by informing us of your decision. However, such withdrawal does not affect the lawfulness of the processing that took place prior to this withdrawal. If you wish to withdraw your consent, please contact us via this link.
The right to lodge a complaint with a supervisory authority
While we would be grateful if you lodged any complaints with us, you have the right to lodge a complaint directly with the UK Information Commissioner’s Office [https://ico.org.uk/for-the-public] about how we process personal data.
You can also contact the Data Protection officer at Nutricia Ltd using this link.
For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact the Information Commissioner’s Office at:
Mailing Address: Wycliffe House Water Lane, Wilmslow Cheshire SK9 5AF
Phone Numbers: +44 303 123 1113
Email Address: casework@ico.org.uk
How long do we retain your personal data?
We will only retain your personal data for the minimum time necessary to achieve the purposes for which we collected it as set out in this Privacy Policy, including to comply with any legal, regulatory, tax, accounting or reporting requirements.
Your personal data will also be retained for the duration of your contractual relationship with us, including where we maintain an ongoing relationship with you (e.g. where you have consented to marketing communications and have not unsubscribed from our mailing lists).
To determine the appropriate retention period for personal data, we take into account the quantity, nature and sensitivity of personal data, the potential risk of harm resulting from the unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the possibility of attaining those purposes by other means, as well as the applicable legal, regulatory, tax, accounting or other requirements.
After the established deadlines, the data is either deleted or retained after being anonymized, especially for statistical purposes. It may be retained in case of pre-litigation and litigation. It should be noted that deletion or anonymization are irreversible operations, and that Nutricia is no longer able, thereafter, to restore this data.
Our retention periods for baby clubs are as follows:
- Data for baby club membership will be retained for a maximum period of 3 years 9 months depending on the time in which baby club membership is first registered.
- Data for interactions you have had with our Careline will be retained for a maximum period of 3 years 9 months depending on the most recent contact you had with us.
- For our ecommerce and sampling services, all consumer transactional data is retained for 6 years before being deleted.
- Health records are retained for 10 years after date of last entry in accordance with legal and medical record requirements.
- In line with our legal requirements, consent records (health and marketing) and the associated email will be retained while consent is valid and for 7 years from date consent is withdrawn or ceases to be valid.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
How we protect your personal data
We understand that the security of your personal data is important. We make our best efforts to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. We have implemented a number of security measures to help protect your personal data. For example, we implement access controls, firewalls and secure servers, and we encrypt personal data.
We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.
We may enact data processes on your behalf in specific circumstances. An example would be in the event of a notified baby death, your details would be checked for a duplicate account under (C&G baby club / Aptaclub) and automatically unsubscribed. Only in circumstances where accounts are registered with the same email address, can this process be enacted.
When we share your personal data with Nutricia affiliates and other organizations as described below, we make sure we only do so with organizations that safeguard and protect your personal data and comply with applicable privacy laws in the same or similar way that we do.
Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Policy. We may, however, share your data when required by law and/or government authorities.
Trusted third parties may assist us in providing specific services or functions on our behalf, such as our Careline and Social Media teams as well as IT services, both internal and external. This includes platform providers, hosting services, maintenance and support on our website as well as on our software and applications that may contain data about you, or to perform on our behalf the statistical analyses associated with the use of the website.
Your personal data will be shared with the following third parties for the purposes described:
| Categories of third parties | Data type | Purposes |
|---|---|---|
| External processors: | | |
| Adobe Audience Manager | Non-identifying membership data | To show you products and services appropriate to your baby’s age while you browse on other websites and targeted advertising |
| Live Person | Personal contact data (email, phone number & name); conversation transcript; survey answers | To allow personalised conversations with our Careline team on Live Chat and WhatsApp. To generate and analyse feedback for improving our service. To send you the transcript after the conversation. |
| Khoros | Personal contact data and social media profile | To allow personalised conversations with our Careline team on Social Media. To analyse social media activity or feedback on Aptaclub owned social pages |
| Salesforce Service Cloud (Careline management tool) | Personal contact data, details of communications with us (why and what you contacted us about), demographic and parental information, information relating to maternal or baby health if this is shared with our Careline. | To allow personalised conversations with our Careline team. To understand and assess interests, wants, and changing needs. To develop & improve our products and services |
| Customer relations database | Identity data, contact data, demographic data, profile data, account data, marketing data & consents | For the creation and management of your Aptaclub account and profile to personalise your experience, show content, products or services that may be of interest to you, manage your consents & unsubscribes and perform internal reporting. We may combine this data with information we already hold about you or collect via another medium, e.g. via the Careline. We will process this information for the purposes described above under the legal grounds of legitimate interests. |
| Fan Finders | Personal data (baby feeding preferences) | To show you products and services appropriate to you and develop and improve our products, services, communication methods and the functionality of our websites. |
| SmartSurvey | Personal contact data (email & name), survey answers | To develop and improve our products, services, communication methods and the functionality of our websites |
| Dunnhumby | Personal contact data (email and address) | We perform database matching to analyse purchase behaviour based on site and email usage |
| Bazaarvoice | Personal data (email, name and baby DOB) | To seek and manage our feedback, ratings and reviews (where you have consented to receive product communications from Nutricia). Data is retained by Bazaarvoice for a period of 6 months and then deleted. |
| Facebook | Personal contact data (email and name) | To allow login via Facebook on the Aptaclub website |
| Facebook | Behavioural data | To allow Nutricia to see how well adverts perform. Retargeting for the purpose of advertising to users who have been on aptaclub.co.uk. Creating Lookalike audiences of users, using the key characteristics of the audience and targeting similar audiences to those who visited our website for precision purposes. |
| | Personal contact data (email) | Block Facebook advertising in the event of customer complaint |
| | Behavioural data | To allow Nutricia to see how well adverts perform. Retargeting for the purpose of advertising to users who have been on aptaclub.co.uk. Creating Lookalike audiences of users, using the key characteristics of the audience and targeting similar audiences to those who visited our website for precision purposes. |
| Snapchat | Behavioural data | To allow Nutricia to see how well adverts perform. Retargeting for the purpose of advertising to users who have been on aptaclub.co.uk. Creating Lookalike audiences of users, using the key characteristics of the audience and targeting similar audiences to those who visited our website for precision purposes. |
| | Behavioural data | To allow Nutricia to see how well adverts perform. Retargeting for the purpose of advertising to users who have been on aptaclub.co.uk. Creating Lookalike audiences of users, using the key characteristics of the audience and targeting similar audiences to those who visited our website for precision purposes. |
| TikTok | Behavioural data | To allow Nutricia to see how well adverts perform. Retargeting for the purpose of advertising to users who have been on aptaclub.co.uk. Creating Lookalike audiences of users, using the key characteristics of the audience and targeting similar audiences to those who visited our website for precision purposes. |
| Bing | Behavioural data | |
| Astute Solutions | Personal membership and contact details | To allow personalised conversations with the Careline and analysis of data to improve our services |
| Constant Commerce (Buy Now widget) | IP address and tracking cookie | To determine the user's location before the service is used. Location service can be disabled on your device in the privacy settings, but this will make the Buy Now service unavailable. Cookie is required so that retailer preference is retained. |
| Google advertising | Behavioural data | To tailor advertising based on your behaviour on our website, or exclude you from advertising |
| Mailing houses: | | |
| MPS PS Mailing Services Ltd Whistl | Personal contact data | To allow direct mail to be delivered |
| Reporting providers: | | |
| Google Analytics, Tableau, Adobe Analytics | Anonymised membership data | To analyse user behaviours on a website and email to allow us to enhance your experience |
| Email / push notification databases: | | |
| Sendgrid | Membership data, personal contact data (email) | To allow emails to be delivered |
| Purchasing and processing orders | | |
| Adyen | Contact and personal details (email, name, addresses), payment and financial data (credit card, bank account) | To process payments |
| Ingram Micro | Contact and personal details, payment and financial data. | Ingram Micro and its related companies will process, store and use personal information collected from you or on your behalf from your transaction on the Aptamil Shop. Such personal information will be collected, processed, stored and used in accordance with our Privacy Policy, available at https://www.ingrammicro.com/en-us/legal/privacy-statement |
| Lab-Digital | Contact and personal details (email, name, addresses), payment and financial data (credit card, bank account) | To develop ecommerce website and test functionality |
| Internal Processors | | |
| Other UK & Ireland Nutricia / Danone internal teams | Personal contact data (email, phone number, address and name) | To process, handle and respond to complaints and queries |
If we decide to reorganise or to sell our business or our company, directly or indirectly through a sale, merger, or acquisition, we may share your personal data with actual or prospective purchasers of the business, or of our company. We will require that any such purchasers treat your personal data consistently with this Privacy Policy.
Sharing data internationally
Personal data may be processed outside the UK. When processed outside the UK, Nutricia will make sure that this cross-border data processing is protected by adequate safeguards.
The safeguards that we use to protect cross-border data processing include:
a) Standard Contractual Clauses approved by European Commission and approved for use in the UK. These standardized contractual clauses provide sufficient safeguards to meet the adequacy and security requirements of the European General Data Protection Regulation and UK General Data Protection Regulation; or
b) Certifications which demonstrate that third parties outside of the UK or EEA process personal data in a way that is consistent with the European General Data Protection Regulation and UK General Data Protection Regulation. These certifications are approved either by the European Commission, a competent supervisory authority or a competent national accreditation body in terms of General Data Protection Regulation.
c) An adequacy decision whereby we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
We may share your personal data within Danone subsidiaries as detailed above. This may involve transferring your data outside the UK to our EU based entities. This transfer will be protected by using one of the safeguards as detailed above.
Automated decision-making and profiling
For some services and products we may process your personal data using automated means. Essentially this means that decisions are taken automatically without human intervention. An example of this would be deciding which type of campaign emails you receive from us.
We may also process your personal data for profiling purposes to predict your behaviour on our website or products that may be of interest to you. This means that we may collect personal data about you through cookies. We centralise this data and analyse it to evaluate and predict your personal preferences and interests. Based on our analysis, we send or display communications and/or content tailored to your interests/needs. This can be used to show you adverts for our products and services appropriate to your baby’s age while you browse on other websites. We will also use your data to send tailored communications via email and direct mail, if you have opted to receive them.
We confirm that you will not be subject to a decision based solely on automated decision-making, including profiling which produces legal effects, or which will significantly affect you. If we intend to make use of such methods, we will of course inform you and we will give you an opportunity to object to these processes in advance. You are also free to contact us for further information on such processing.
Cookies and other technologies
We may also collect personal data about you through the use of cookies and other technologies. This may occur when you visit our sites or third-party sites, view our online content, or use our/third-party mobile applications and may include the following information:
a) Information about your device browser and operating system;
b) The IP address, device ID and MAC ID of the device you are using;
c) Web pages of ours that you view;
d) Adverts you view;
e) Links that you click while interacting with our services, and emails you open;
f) Time and date of activity.
Please see our cookie statement for more information on this link.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Changes to this privacy policy
This notice was last updated on May 10, 2021. We reserve the right to change this notice at any time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise). Changes to this notice shall be applicable on the effective date of implementation. Please refer to our website for the latest version of this notice. We will also communicate any changes to you, where we are legally required to do so.
Privacy considerations for local law
We will hold and process your personal data in accordance with the UK Data Protection Act 2018 and UK General Data Protection Regulation.
How to contact us
If you have any questions, comments or complaints regarding this Privacy Policy or the processing of your personal data, please contact us using the link here or write to us at:
Data Protection Officer, Nutricia Ltd. Newmarket House, Newmarket Avenue, White Horse Business Park, Trowbridge, Wiltshire, BA14 0XQ
You can also contact our Data Protection Officer at: DPO.UKIE@danone.com.