PRIVACY POLICY
Effective: October 2023
SCOPE OF THIS NOTICE
Please read this privacy notice (“Notice”) carefully tounderstand our policies and practices regarding your Personal Data and how wewill treat it. This Notice applies to individuals who interact with Nestlé services as consumers (“you”). This Notice explains how yourPersonal Data are collected, used, and disclosed by Nestlé Portugal,Unipessoal, Lda. (“Nestlé”, “We”, “Us”). Italso tells you how you can access and update your Personal Data and makecertain choices about how your Personal Data are used.
This Notice covers both our online and offline data collectionactivities, including Personal Data that We collect through our variouschannels such as websites, apps, third party networks, ConsumerEngagement Service, points of sale and events. Please note that We mightaggregate personal data from different sources (e.g. websites, offline events). As part of this, We combine Personal Datathat were originally collected by different Nestlé entities or Nestlé partners. Please see Section 9for further information on how to object to this.
If you do not provide necessary Personal Data to us (We will indicate toyou when this is the case, for example, by making this information clear in ourregistration forms), We may not be able to provide you with our goods and/orservices. This Notice can change from time to time (see Section 11).
This Notice provides important information in the following areas:
1. SOURCESOF PERSONAL DATA
2. PERSONALDATA THAT WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
3. PERSONAL DATA OF CHILDREN
4. COOKIES/SIMILARTECHNOLOGIES, LOG FILES AND WEB BEACONS
5. USESMADE OF YOUR PERSONAL DATA
6. DISCLOSUREOF YOUR PERSONAL DATA
7. RETENTION OF PERSONAL DATA
8. STORAGEAND/OR TRANSFER OF YOUR PERSONAL DATA
9. ACCESSTO YOUR PERSONAL DATA
10. YOUR CHOICES ABOUT HOW WEUSE AND DISCLOSE YOUR PERSONAL DATA
11. CHANGES TO OUR NOTICE
12. DATA CONTROLLERS & CONTACT
1. SOURCES OF PERSONAL DATA
This Notice applies to Personal Data that We collect from or about you,through the methods described below (see Section 2), from the followingsources:
Nestlé websites.Consumer-directed websites operated by or for Nestlé, including sitesthat We operate under our own domains/URLs and mini-sites that We run on thirdparty social networks such as Facebook (“Websites”).
Nestlé mobile sites/apps.Consumer-directed mobile sites or applications operated by or for Nestlé,such as smartphone apps.
E-mail, text and otherelectronic messages. Interactions with electroniccommunications between you and Nestlé.
Nestlé CES. Communicationswith our Consumer Engagement Centre (“CES”).
Offline registration forms.Printed or digital registration and similar forms that We collect via, forexample, postal mail, in-store demos, contests and other promotions, or events.
Advertising interactions. Interactionswith our advertisements (e.g., if you interact with on one of our ads on a thirdparty website, we may receive information about that interaction).
Data We create. Inthe course of our interactions with you, we may create Personal Data about you(e.g. records of your purchases from our websites).
Datafrom other sources.Third party social networks (e.g. such as Facebook), advertising networks (e.g.such as Google), messaging apps (e.g. such as WhatsApp), market research (iffeedback is not provided on an anonymous basis), third party data aggregators, Nestlé promotional partners, publicsources and data received when we acquire other companies.
2. PERSONALDATA THAT WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
Depending on how you interact with Nestlé (online, offline, overthe phone, etc.), We collect various types of information from you, as describedbelow.
Personal contactinformation. This includes anyinformation you provide to Us that would allow Us to contact you, such as yourname, postal address, e-mail address, social network details, or phone number.
Account login information. Anyinformation that is required to give you access to your specific accountprofile. Examples include your login ID/email address, screen name, password inunrecoverable form, and/or security question and answer.
Demographic information& interests. Anyinformation that describes your demographic or behavioural characteristics.Examples include your date of birth, age or age range, gender, geographiclocation (e.g. postcode/zip code), favourite products, hobbies and interests,and household or lifestyle information.
Information from computer/mobiledevice. Anyinformation about the computer system or other technological device that youuse to access one of our Websites or apps, such as the Internet protocol (IP)address used to connect your computer or device to the Internet, operating systemtype, and web browser type and version. If you access a Nestlé websiteor app via a mobile device such as a smartphone, the collected information willalso include, where permitted, your phone’s unique device ID, advertising ID, geo-location,and other similar mobile device data.
Websites/communicationusage information. Asyou navigate through and interact with our Websites or newsletters, We useautomatic data collection technologies to collect certain information aboutyour actions. This includes information such as which links you click on, whichpages or content you view and for how long, and other similar information andstatistics about your interactions, such as content response times, downloaderrors and length of visits to certain pages. This information is capturedusing automated technologies such as cookies and web beacons, and is alsocollected through the use of third party tracking for analytics and advertisingpurposes. You have the right to object to the use of such technologies, for furtherdetails please see Section 4.
Market research &consumer feedback. Anyinformation that you voluntarily share with Us about your experience of usingour products and services.
Consumer-generated content. Anycontent that you create and then share with Us on third party social networksor by uploading it to one of our Websites or apps, including the use of thirdparty social network apps such as Facebook. Examples include photos, videos,personal stories, or other similar media or content. Where permitted, Wecollect and publish consumer-generated content in connection with avariety of activities, including contests and otherpromotions, website community features, consumer engagement, andthird party social networking.
Third party social networkinformation. Anyinformation that you share publicly on a third party social network orinformation that is part of your profile on a third party social network (suchas Facebook) and that you allow the third party social network to share withUs. Examples include your basic account information (e.g. name, email address,gender, birthday, current city, profile picture, user ID, list of friends,etc.) and any other additional information or activities that you permit thethird party social network to share. We receive your third party social networkprofile information (or parts of it) every time you download or interact with aNestlé web application on a third party social network such as Facebook,every time you use a social networking feature that is integrated within a Nestlésite (such as Facebook Connect) or every time you interact with Us through athird party social network. To learn more about how your information from athird party social network is obtained by Nestlé, or to opt-out ofsharing such social network information, please visit the website of therelevant third party social network.
Payment and Financialinformation. Anyinformation that We need in order to fulfil an order, or that you use to make apurchase, such as your debit or credit card details (cardholder name, cardnumber, expiration date, etc.) or other forms of payment (if such are madeavailable). In any case, We or our payment processing provider(s) handlepayment and financial information in a manner compliant with applicable laws,regulations and security standards such as PCI DSS.
Calls to Nestlé CES Communicationswith a Nestlé CES can be recorded or listened into, in accordance withapplicable laws, for local operational needs (e.g. for quality or trainingpurposes). Payment card details are not recorded. Where required by law, youwill be informed about such recording at the beginning of your call.
Sensitive Personal Data. We do not seek to collector otherwise process sensitive personal data in the ordinary course of our business.Where it becomes necessary to process your sensitive personal data for anyreason, we rely on your prior express consent for any processing which isvoluntary (e.g. for marketing purposes). If we process your sensitive personaldata for other purposes, we rely on the following legal bases: (i) detectionand prevention of crime (including the prevention of fraud); and (ii) compliancewith applicable law (e.g. to comply with our diversity reporting).
3. PERSONAL DATA OF CHILDREN
We do not knowingly solicit or collectpersonal data from children below the age of 16. If we discover that we haveunintentionally collected personal data from a child below 16, we will removethat child’s personal data from our records promptly. However, Nestlé maycollect personal data about children below the age of 16 years of age from theparent or guardian directly, and with that person’s explicit consent.
We also do not knowingly solicit or collect personaldata from children under the age of 18 for the specific purposes of marketingcommunications.
4. COOKIES/SIMILARTECHNOLOGIES, LOG FILES AND WEB BEACONS
Cookies/Similar Technologies. Pleasesee our Cookie Notice[insert hyperlink] to learn how you can manage your cookie settings andfor detailed information on the cookies We use and the purposes for which Weuse them.
Log Files. Wecollect information in the form of log files that record website activity andgather statistics about your browsing habits. These entries are generatedautomatically, and help Us to troubleshoot errors, improve performance andmaintain the security of our Websites.
Web Beacons. Webbeacons (also known as “web bugs”) are small strings of code that deliver agraphic image on a web page or in an email for the purpose of transferring databack to Us. The information collected via web beacons will include informationsuch as IP address, as well as information about how you respond to an emailcampaign (e.g. at what time the email was opened, which links you click on inthe email, etc.). We will use web beacons on our Websites or include them ine-mails that We send to you. We use web beacon information for a variety ofpurposes, including but not limited to, site traffic reporting, unique visitorcounts, advertising, email auditing and reporting, and personalisation.
5. USESMADE OF YOUR PERSONAL DATA
The following paragraphsdescribe the various purposes for which We collect and use your Personal Data,and the different types of Personal Data that are collected for each purpose.Please note that not all of the uses below will be relevant to everyindividual.
What We use your Personal Data for
Our reasons
Our legitimate interests
Consumer service. We use your Personal Data for consumer service purposes, including responding to your enquiries. This typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. order status, technical issue, product question/complaint, general question, etc.).
· Fulfilling contractual obligations
· Legal obligations
· Our legitimate interests
· Improving and developing new products and services
· Being more efficient
Contests, marketing and other promotions. With your consent (where required), We use your Personal Data to provide you with information about goods or services (e.g. marketing communications or campaigns or promotions). This can be done via means such as email, ads, SMS, phone calls, messaging apps and postal mailings to the extent permitted by applicable laws. Some of our campaigns and promotions are run on third party websites and/or social networks. This use of your Personal Data is voluntary, which means that you can oppose (or withdraw your consent in certain countries) to the processing of your Personal Data for thes purposes. For detailed information on how to modify your preferences about marketing communication, please see Sections 9 and 10 below. For more information about our contests and other promotions, please see the official rules or details posted with each contest/promotion.
· With your consent (where required)
· Fulfilling contractual obligations
· Our legitimate interests
· Working out which of our products and services may interest you and telling you about them
· Defining types of consumers for new products or services
Third party social networks: We use your Personal Data when you interact with third party social networking features, such as “Like” functions, to serve you with advertisements and engage with you on third party social networks. You can learn more about how these features work, the profile data that We obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third party social networks. We use your Personal Data to tailor and deliver communications to you, including via social media, based on your interests and your interactions with our products and services.
· With your consent (where required)
· Our legitimate interests
· Working out which of our products and services may interest you and telling you about them
· Defining types of consumers for new products or services
Personalisation (offline and online). With your consent (where required), We use your Personal Data (i) to analyse your preferences and habits, (ii) to anticipate your needs based on our analysis of your profile, (iii) to improve and personalise your experience on our Websites and apps; (iv) to ensure that content from our Websites/apps is optimised for you and for your computer or device; (v) to provide you with targeted advertising and content, and (vi) to allow you to participate in interactive features, when you choose to do so. For example, We remember your login ID/email address or screen name so that you can quickly login the next time you visit our site or so that you can easily retrieve the items you previously placed in your shopping cart. Based on this type of information, and with your consent (where required), We also show you specific Nestlé content or promotions that are tailored to your interests. The use of your Personal Data is voluntary, which means that you can oppose the processing of your Personal Data for this purpose. For detailed information on how to opt-out please refer to Section 10 below.
Order fulfilment. We use your Personal Data to process and ship your orders, inform you about the status of your orders, correct addresses and conduct identity verification and other fraud detection activities. This involves the use of certain Personal Data and payment information.
· Fulfilling contractual obligations
· With your consent (where required)
· Legal obligations
· Our legitimate interests
· Improving and developing new products and services
· Being more efficient
· Protect our systems, networks and staff
· Compliance with legal obligations
Other general purposes (e.g. internal or market research, analytic, security). In accordance with applicable laws, We use your Personal Data for other general business purposes, such as maintaining your account, conducting internal or market research and measuring the effectiveness of advertising campaigns. We reserve the right, if you have Nestlé accounts, to reconcile those accounts into one single account. We also use your Personal Data for management and operation of our communications, IT and security systems.
Legal reasons or merger/acquisition. In the event that Nestlé or its assets are acquired by, or merged with, another company including through bankruptcy, we will share your Personal Data with any of our legal successors. We will also disclose your Personal Data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement or the terms of our Website.
· Legal obligations
· Our legitimate interests
· Compliance with legal obligations
· Protect our assets and staff
6. DISCLOSURE OF YOURPERSONAL DATA
In addition to the Nestléentities mentioned in the data controllers & contact section (see Section12), We share your Personal Data with the following types of third partyorganisations:
Service providers.These are external companies that We use to help Us run our business (e.g.order fulfilment, payment processing, fraud detection and identityverification, website operation, market research companies, support services,promotions, website development, data analysis, CRC, etc.). Service providers, andtheir selected staff, are only allowed to access and use your Personal Data onOur behalf for the specific tasks that they have been requested to carry out,based on our instructions, and are required to keep your Personal Dataconfidential and secure. [Where required by applicable law, you can obtain alist of the providers processing your Personal Data (see Section 12 to contactUs).]
Credit reportingagencies/debt collectors.To the extent permitted by applicable law, credit reporting agencies and debtcollectors are external companies that We use to help Us to verify your creditworthiness(in particular for orders with invoice) or to collect outstanding invoices.
Thirdparty companies using Personal Data for their own marketing purposes. Except in situations where youhave given your consent, We do not license or sell your Personal Data to thirdparty companies for their own marketing purposes. Their identity will bedisclosed at the time your consent is sought.
For example, we may share with Meta Platforms Ireland Limited (“Meta”), Google Ireland Limited (“Google”)and other partners certain data regarding actions that you take on our Websitessuch as your visits to our Websites, your interactions on our Websites, use ofFacebook Connect and information collected from cookies or similar technologiesincluding the Facebook pixel. This allows us to measure the effectiveness ofour advertising, improve our marketing practices, and helps us deliver morerelevant advertising to you and people like you (including on social media suchas Facebook, and others). We are a joint data controller with Meta and someother partners for this processing. This agreement means that we must provideyou with this notice, but you should contact Meta if you wish to exercise yourdata protection rights. Further information, including how Meta enables you toexercise your data protection rights, and subsequently processes yourinformation as independent data controller can be found in Meta's Data Policy, whichis accessible at https://www.facebook.com/about/privacy. Similar terms mayapply for other third-party vendors, e.g. Google tags or other technologies. To learn more about personal data processed by Google youcan access Google’sPrivacy & Terms site.
Third party recipientsusing Personal Data for legal reasons or due to merger/acquisition.We will disclose your Personal Data to third parties for legal reasons or inthe context of an acquisition or a merger (see Section 5 for details).
7. RETENTION OF YOUR PERSONALDATA
In accordance withapplicable laws, We will use your Personal Data for as long as necessary tosatisfy the purposes for which your Personal Data was collected (as described inSection 5 above) or to comply with applicable legal requirements. Personal dataused to provide you with a personalized experience (see Section 5 above fordetails) will be kept for a duration permitted by applicable laws.
8. DISCLOSURE,STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA
We use appropriate measures(described below) to keep your Personal Data confidential and secure. Pleasenote, however, that these protections do not apply to information you choose toshare in public areas such as third party social networks.
People who can access yourPersonal Data. Your PersonalData will be processed by our authorised staff or agents, on a need to know basis,depending on the specific purposes for which your Personal Data have beencollected (e.g. our staff in charge of consumer care matters will have accessto your consumer record).
Measures taken in operatingenvironments. We store your PersonalData in operating environments that use reasonable security measures to preventunauthorised access. We follow reasonable standards to protect Personal Data.The transmission of information via the Internet is, unfortunately, not completelysecure and although We will do our best to protect your Personal Data, Wecannot guarantee the security of the data during transmission through ourWebsites/apps.
Measures We expect you totake. Itis important that you also play a role in keeping your Personal Data safe andsecure. When signing up for an online account, please be sure to choose anaccount password that would be difficult for others to guess and never revealyour password to anyone else. You are responsible for keeping this password confidentialand for any use of your account. If you use a shared or public computer, neverchoose to have your login ID/email address or password remembered and make sureto log out of your account every time you leave the computer. You should alsomake use of any privacy settings or controls We provide you in our Website/app.
Transfer of your PersonalData. Because of the internationalnature of our business, we may need to transfer your personal data within theNestlé group, and to third parties as noted in Section 6 above, in connectionwith the purposes set out in this Privacy Notice. For this reason, we maytransfer your personal data to other countries that may have different laws anddata protection compliance requirements to those that apply in the country inwhich you are located.
9. YOURRIGHTS
Access to Personal Data.You have the right to access, review and request a physical or electronic copyof information held about you. You also have the right to request informationon the source of your Personal Data.
These rights can be exercisedby sending Us an e-mail dataprotectionPT@pt.nestle.comor writing to us at Rua Alexandre Herculano,8, 2799-544 Linda-a-Velha attaching a copy of your ID or equivalent details(where requested by Us and permitted by law). If the request is submitted by aperson other than you, without providing evidence that the request islegitimately made on your behalf, the request will be rejected. Please notethat any identification information provided to Us will only be processed in accordancewith, and to the extent permitted by applicable laws.
Additionalrights (e.g. modification, deletion of Personal Data).Where provided by law, you can (i) request the deletion, portability, correctionor revision of your Personal Data; (ii) limit the use and disclosure ofyour Personal Data; and (iii) revoke consent to any of our data processingactivities.
Subject to applicable law, you may also have the following additional rights regarding the use of your Relevant Personal Data:
• the right to object, on grounds relating to your particular situation, to the use of your Relevant Personal Data by us, or on our behalf; and
• the right to object to the Processing of your Relevant Personal Data by us, or on our behalf, for direct marketing purposes.
Pleasenote that, in certain circumstances, We will not be able to delete your PersonalData without also deleting your user account. We may be required to retain someof your Personal Data after you have requested deletion, to satisfy our legalor contractual obligations. We may also be permitted by applicable laws to retainsome of your Personal Data to satisfy our business needs.
Where available, ourWebsites have a dedicated feature through which you can review and editthe Personal Data that you have provided. Please note that We requireour registered consumers to verify their identity (e.g. login ID/email address,password) before they can access or make changes to their account information.This helps prevent unauthorised access to your account.
Wehope that We can satisfy queries you may have about the way we process yourPersonal Data. However, if you have unresolved concerns you also have the rightto complain to competent data protection authorities.
10. YOURCHOICES ABOUT HOW WE USE AND DISCLOSE YOUR PERSONAL DATA
We strive to provide youwith choices regarding the Personal Data that you provide to Us. The following mechanismsgive you control over your Personal Data:
Cookies/Similar Technologies. Youcan manage your consent via (i) our consent management solution or (ii) your browserso as to refuse all or some cookies/similar technologies, or to alert you whenthey are being used. Please see Section 4 above.
Advertising, marketing and promotions. Youcan consent for your Personal Data to be used by Nestlé to promote itsproducts or services through tick-box(es) located on the registration forms orby answering the question(s) presented by our CES representatives. If you decidethat you no longer wish to receive such communications, you can subsequently unsubscribefrom receiving marketing-related communications at any time, by following the instructionsprovided in each such communication. To unsubscribe from marketing communicationssent by any medium, including third party social networks, you can opt-out atany time by unsubscribing through links available in our communications, logging into the Websites/apps or third partysocial networks and adjusting your user preferences in your account profile byunchecking the relevant boxes or by contacting our CES. Please note that, even if you opt-outfrom receiving marketing communications, you will still receive administrativecommunications from Us, such as order or other transaction confirmations, notificationsabout your account activities (e.g. account confirmations, password changes, etc.),and other important non marketing related announcements.
Personalization (offlineand online): Where required bylaw, if you wish to have your Personal Data used by Nestléto provide you with a personalized experience/targeted advertising &content, you can indicate so through the relevant tick-box(es) located on theregistration form or by answering the question(s) presented by our CESrepresentatives. If you decide that you no longer wish to benefit from this personalization,you can opt-out at any time by logging into the Websites/apps and adjustingyour user preferences in your account profile by unchecking the relevant boxesor by calling our CES.
Targeted Advertising. Wepartner with ad networks and other ad serving providers (“Advertising Providers”)that serve advertising on behalf of Us and other non-affiliated companies onthe Internet. Some of those advertisements are tailored to your interestsbased on information collected on Nestlé sites or on non-affiliatedwebsites over time. You can visit www.aboutads.info/choices tolearn more about this type of advertising, as well as about how to opt-out ofinterest-based advertising practices from companies that participate in theDigital Advertising Alliance’s (“DAA”) self-regulatory program. Additionally,you can opt-out of this type of advertising in mobile applications from companiesthat participate in the DAA’s AppChoices app by downloading the app from theiOS or Android app store. You can also stop the collection of preciselocation data from a mobile device by accessing your device location servicesettings.
11. CHANGES TO THIS NOTICE
If We change the way Wehandle your Personal Data, We will update this Notice. We reserve the right tomake changes to our practices and this Notice at any time, please check backfrequently to see any updates or changes to our Notice.
12. DATACONTROLLERS & CONTACT
To ask questions or makecomments on this Notice and our privacy practices or to make a complaint aboutour compliance with applicable privacy laws, please contact Us at: loja.lisboa@pt.nestle.com orwriting to us at Rua Alexandre Herculano, 8, 2799-544 Linda-a-Velha or callour CES on faleconnosco@pt.nestle.com
You can also contact ourData Protection contact via email at: dataprotectionPT@pt.nestle.com
We will acknowledge andinvestigate any complaint about the way We manage Personal Data (including a complaintthat We have breached your rights under applicable privacy laws).
Data controllers
Responsible for
Nestlé Portugal, Unipessoal, Lda
Rua Alexandre Herculano, 8,
2799-544 Linda-a-Velha
All activities