Introduction

Danone knows that you care how your personal data is used and we recognize the importance of protecting your privacy.

This Privacy Statement explains how Danone Limited (“Danone”) collects and manages your personal data. It contains information on what data we collect, how we use it, why we need it and how it can benefit you.

Contact us if you have any queries and comments, or if you want to make a request regarding any of your data subject rights.

This privacy statement was last updated on March 22, 2021.

Basic principles and our privacy commitment

At Danone we are committed to protecting your right to privacy. We aim to protect any personal data we hold, to manage your personal data in a responsible way and to be transparent in our practices. Your trust is important to us. We have therefore committed ourselves to the following basic principles:

• You have no obligation to provide any personal data requested by us. However, if you choose not to, we may not be able to provide you with some services or products;
• We only collect and process your data for the purposes set out in this Privacy Statement or for specific purposes that we share with you and/or that you have consented to;
• We aim to collect, process and use as little personal data as possible;
• When we do collect your personal data, we aim to keep it as accurate and up to date as possible.
• If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
• Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement.

What personal data do we collect?

The personal data we collect varies depending upon the purpose of the collection and the product or service we are providing you.

Generally, we may collect the following types of personal data from you directly:

1. Personal contact data, such as your name, surname, email address, physical address;
2. Specifically for our Yummy Back Guaranteed promotion, and only with your consent, payment information relating to your billing name, billing address and payment data, such as your credit card details or bank account number;
3. Communications with us, which may include details of our conversations via chat, care lines and/or customer service lines;
4. Browser history, such as pages accessed, date of access, location when accessed, and IP address;

We may also collect personal data about you indirectly when:

1. you share content on social media pages, websites or applications related to our products or in response to our promotional material on social media; or
2. we read or collect personal data about you by reading information collected by other websites (for instance, we may place an advertisement on a third party website, and when you click on that advertisement, we may receive information about you and other website visitors in order to measure the reach and success of that advertisement).

Why do we collect and use your personal data?

We collect your personal data so we can provide you with the best online experience and to provide you with a high quality of customer service. In particular we may collect, hold, use and disclose your personal data for the following purposes:

1. To manage our everyday business needs in connection with your participation in our contests, sweepstakes or promotional activities or request, including our Yummy Back Guaranteed promotion
2. Specifically for our Yummy Back Guaranteed promotion, to process any product claim and refund, and to keep you up to date in regards to the status of the reimbursement
3. To process and answer your inquiries or to contact you in order to answer your questions and/or requests;
4. To develop and improve our products, services, communication methods;
5. To authenticate the identity of individuals contacting us by telephone, electronic means or otherwise;
6. For internal training and quality assurance purposes;
7. To understand and assess the interests, wants, and changing needs of customers, in order to improve our website, our current products and services, and/or developing new products and services;

We may also need your personal data to comply with legal obligations or in the context of a contractual relationship that we have with you.

When we collect and use your personal data for purposes mentioned above or for other purposes, we will inform you before or at the time of collection unless we reasonably consider that we need to use your personal data for another reason and that reason is compatible with the original purpose of collection as detailed above.

Where appropriate, we will ask for your consent to process the personal data. Where you have given consent for processing activities, you have the right to withdraw your consent at any time. If you wish to withdraw your consent, please see the Your Rights section as set out below.

Your rights

Where we process your personal data, you are entitled to a number of rights and can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. You can exercise your rights via our contact page.

The right to access your personal data and correction

You have the right to access, correct or update your personal data at any time. We understand the importance of this and should you want to exercise your rights, please contact us via our contact page.

The right to data portability

Your personal data is portable. This means it can be moved, copied or transmitted electronically. However, this right only applies where:

1. The processing is based on your consent;
2. The processing takes place for the performance of a contract;
3. The processing takes place by automated means;

If you wish to exercise your right to data portability, please contact us via our contact page.

The right to deletion of your personal data

You have right to request that we delete your data if:

1. your personal data is no longer necessary in relation to the purposes for which we collected it; or
2. you withdraw the consent that you had previously given us to process your personal data, and there is no other legal ground to process that personal data; or
3. you object to us processing your personal data for direct marketing purposes; or
4. you object to us processing your personal data for Danone’s legitimate interests (such as improving overall user experience on websites);
5. the personal data is not being processed lawfully; or
6. your personal data needs to be deleted to comply with the law.

If you wish to delete the personal data we hold about you, please contact us via our contact page and we will take reasonable steps to respond to your request in accordance with legal requirements.

If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.

The right to restriction of processing

You have the right to restrict the processing of your personal data if

1. you do not believe the personal data we have about you is accurate; or
2. the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or
3. we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims; or
4. you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data.

If you wish to restrict our processing of your personal data, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements.

The right to object

You have the right to object to the processing of your personal data at any time. Please contact us via our contact page.

The right to withdraw your consent

When we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior to this withdrawal. If you wish to withdraw your consent, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements.

The right to lodge a complaint with a supervisory authority

While we would be grateful if you lodged any complaints with us, you have the right to lodge a complaint directly with the UK Information Commissioner’s Office ICO about how we process personal data.

For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact the Information Commissioner’s Office at:

Mailing Address: Wycliffe House Water Lane, Wilmslow Cheshire SK9 5AF

Phone Numbers: +44 303 123 1113

Email Address: casework@ico.org.uk

You can also contact our Data Protection officer at DPO.UKIE@danone.com.

How we protect your personal data

We understand that the security of your personal data is important. We make our best efforts to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. We have implemented a number of security measures to help protect your personal data. For example, we implement access controls, use firewalls and secure servers, and we encrypt personal data.

Sharing of your personal data

When we share your personal data with affiliates and other organizations, we make sure we only do so with organizations that safeguard and protect your personal data and comply with applicable privacy laws in the same or similar way that we do.

Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement. We may, however, share your data when required by law and/or government authorities.

Your personal data will be shared with the following third parties for the purposes described:

Cookies and other technologies

We may also collect personal data about you through the use of cookies and other technologies. This may occur when you visit our sites or third-party sites, view our online promotions, or use our/third-party mobile applications and may include the following information:

a) Information about your device browser and operating system;

b) The IP address of the device you are using;

c) Web pages of ours that you view;

d) Links that you click while interactive with our services.

Please see our cookie statement for more information on this.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Changes to this privacy Statement

This notice was last updated on 19 January 2021. We reserve the right to change this notice at any time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise). Changes to this notice shall be applicable on the effective date of implementation. Please refer to our website for the latest version of this notice. We will also communicate any changes to you, where we are legally required to do so.

Privacy considerations for local law

We will hold and process your personal data in accordance with the UK Data Protection Act 2018 and UK General Data Protection Regulation

How to contact us

If you have any questions, comments or complaints regarding this Privacy Statement or the processing of your personal data, please contact us via our contact page.

You can also reach out to our Data Protection Officer directly at DPO.UKIE@danone.com.