PRIVACY PROTECTION POLICY
DNAO knows that how your personal data is processed is important to you and recognises the importance of protecting your privacy.
This Privacy and Personal Data Protection Policy (hereinafter the “Policy”) explains how DNAO collects and processes your personal data. It contains information about the type of data we collect, how we process it and for what purposes, to ensure that its use meets your needs.
You can contact us here for any requests, queries or comments, or if you wish to exercise one of your rights pertaining to the processing of your data.
For the needs of the Policy, the following terms have the definitions given below:
• “Service(s)”: all of the services, products available online or via customer services or the Mobile Applications, etc., whether paid for or otherwise;
• “We”, “Us” and “Our”: refer to any company owned or operated, directly or indirectly, by any company in which Danone, including more specifically DNAO; holds shares and can collect or process your personal data and cookies, as well as their respective service providers in France or overseas.
• “You” and “Your”: refer to any user of the Services who accesses one of the paid or free Services.
This Policy was updated on 30 October 2020.
BASIC PRINCIPLES – OUR PRIVACY PROTECTION COMMITMENT
DNAO undertakes to process personal data in accordance with applicable personal data and privacy protection regulations, and in particular in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “Regulation”). We are committed to respecting the following principles:
• You are under no obligation to provide us with the personal data we ask you for. However, some of this data may be required to access certain Services. Therefore, if you decide not to provide us with this data, you may not have access to some of these Services;
• We only collect and process your data for the purposes described in this Policy or for the specific purposes about which we have informed you and/or to which you have agreed;
• We subscribe to the data minimisation principle: this means collecting only the personal data that is necessary for the processing and uses anticipated, without collecting data unnecessarily;
• If personal data we have in our possession is no longer useful for the personal data processing we conduct, and if there is no legal obligation for us to keep it, we will do everything within our power to delete or destroy it or to make it anonymous.
WHAT PERSONAL DATA DO WE COLLECT?
The personal data we collect varies depending on the purpose of the collection and the Service we provide to you.
In general, we may need to collect the following categories of personal data directly:
• Personal details, such as your surname, your first name, your email address, your postal address and your telephone number(s) when you complete the contact form or subscribe to the newsletter;
• Exchanges with us, which may include the details of conversations through the chat service, the quality consumer department and/or the consumer advice service;
• Browser history, such as the pages visited, the date of the visit, the location of the visit, or even the IP address;
• Demographic information such as your age, your gender and your life style preferences
• Information about your health and your pregnancy or that of your partner;
• Information about people other than yourself, such as personal data about members of your family when you provide us with this information directly (including your child’s birthday);
We can also collect your personal data indirectly when:
• You share content on social media, websites or applications relating to our products or replying to our posts and advertising on social media; or
• We read or collect your personal data through the information collected by other websites (for example, if we place an advertisement on a third-party website and you click on this advertisement, we can receive information about you and other visitors to the site, in order the measure the influence and success of this advertisement).
FOR WHAT PURPOSES DO WE COLLECT PERSONAL DATA?
We collect your personal data to provide you with the best possible online experience and a high quality service and navigation. In particular, we can collect, hold, use and disclose your personal data for the following purposes:
• To process and respond to your requests for information and to contact you to respond to your requests and/or queries;
• To develop and improve our products, services, communication methods and the functionality of our websites, applications and Services;
• To provide you with information, to manage your registration and/or subscription to our newsletter service (from which you can unsubscribe at any time by clicking on the link for this purpose in every email) or to any other service for sending communication, and to send you the results of tests/questionnaires;
• To manage our everyday “business” needs in relation to your entries in competitions, prize draws, promotional activities and requests;
• For in-house training or to ensure the quality of our services;
• To confirm the identity of people who contact us by telephone, by electronic or other means;
• To better understand and evaluate what is of interest to consumers and what they want, as well as any changes they feel are necessary, with a view to improving our websites/applications and our Services, and/or to develop new products and services;
• To supply personalised products and appropriate communications or to recommend products based on your consumer needs.
We may also need your personal data to satisfy legal obligations or within the context of the contractual relationship we have with you.
When we collect and use your personal data for the purposes mentioned below or for any other request, we will notify you before or at the time of collection.
Where necessary, we will ask for your consent to process your personal data. If you have given your consent for the processing of your personal data, you are entitled to withdraw this consent at any time.
When we process your personal data, you have certain rights that you may exercise at any time. Below is an overview of these rights and what this means for you.
The right to access or correct your personal data
It is important for us that the personal data we hold for you is accurate, up to date, complete, relevant and not misleading. To ensure compliance with this commitment, you have the right to access, correct or update your personal data at any time.
The right to data portability
You have the right to receive your personal data in a structured format, commonly used and legible by a machine if we have processed your personal data based on the following:
• You have given us your consent to process your personal data with the aim or for the purpose communicated to you beforehand;
• We have processed your personal data in order to facilitate a commercial transaction, such as supplying the products and/or services that you order;
• We have processed your personal data using automated means (such as profiling).
The right to request deletion of your personal data
You have the right to request that your personal data be deleted when:
• Your personal data is no longer necessary for the purposes for which we collected it; or
• You withdraw the consent you previously gave for the processing of your personal data, subject to there being no other legal basis allowing us to continue processing your personal data; or
• You object to us processing your personal data for direct marketing purposes; or
• You object to us processing your personal data for the legitimate interests of Danone (such as improving the global user experience on our websites); or
• The personal data is not processed legally; or
• Your personal data has to be deleted in order to comply with legislation in force.
If you wish for your personal data held by us to be deleted, please let us know and we will take reasonable steps to respond to your request in compliance with legal requirements.
If the personal data we collect from you is no longer necessary for any purpose and if there is no legal obligation for us to keep it, we will take steps to delete or destroy the data, or to make it anonymous.
The right to restrict processing of your data
You have the right to request restriction of the processing of your personal data if:
• You think that the personal data we have concerning you is inaccurate; or
• With regard to personal data that is not processed legally, you prefer us to restrict the processing thereof instead of deleting this data; or
• We no longer need your personal data for the purposes for which we collected it, but you need the data in order to establish, exercise or defend legal claims; or
• You object to the processing of your personal data and are waiting to find out if your interests associated with this objection prevail over the legitimate reasons pursued by DNAO.
If you wish to restrict our processing of your personal data, please let us know and we will take reasonable steps to respond to your request in compliance with legal requirements.
The right to oppose processing of your personal data
You have the right to oppose processing of your personal data at any time.
The right to make a complaint to a supervisory authority
You have the right to file a complaint directly with a supervisory authority, such as the CNIL (French Data Protection Authority) about how we process your personal data.
HOW DO WE PROTECT YOUR PERSONAL DATA?
We are aware of the importance of the security of your personal data. We make every effort to protect your personal data from misuse, interference, damage, unauthorised access, modification or disclosure. We have put several security measures in place to help protect your personal data. In particular, we use access controls, firewalls and secure servers, and we encrypt personal data.
SHARING OF YOUR PERSONAL DATA
When we share your personal data with our subsidiaries or other structures, we only do so with organisations that have a wide-reaching framework relating to the security of your data and its storage and that comply with the laws relating to privacy protection, under equivalent conditions to those we comply with.
Your personal data will not be shared, sold, leased or disclosed for purposes other than those described in the Policy. However, we may transmit your data for purposes other than those provided for in the Policy, in cases where communication thereof is required by law and the government authorities.
INTERNATIONAL TRANSFERS OF YOUR DATA:
Personal data may be processed outside the European Economic Area (EEA). If this is the case, DNAO will ensure that this international transfer of data has an appropriate security level and guarantees. The guarantees we use to protect international data transfers include:
Templates of standard contractual clauses validated by the European Commission. These standard clauses provide sufficient guarantee as they ensure that the relevant security levels required by personal data protection regulations are met, in particular in relation to the Regulation (the aforementioned regulations and the Regulation are hereinafter referred to as “Regulations”); or
By certification mechanisms that attest that the third parties outside of the EEA process the personal data in accordance with the Regulations. These certifications must be approved either by the European Commission, or by the competent supervisory authority by virtue of the Regulation, or by the national accreditation body appointed in accordance with the Regulation.
COOKIES AND OTHER TECHNOLOGIES
• Information about the browser on your machine and the operating system you use;
• The IP address of the device you are using;
• The web pages that you visit;
• The links you click on during your interaction with our services.
• More information is given on this subject in our Cookies Policy.
Notifications via our Progressive Web App
Our Progressive Web App may include notifications that display on your mobile device.
Please also refer to the settings on your mobile device to configure your notifications.
If you have any questions, comments or complaints relating to this Policy or the processing of your personal data, please contact us here.