Introduction
Danone knows that you care how your personal data is used and we recognise the importance of protecting your privacy.
This Privacy Statement explains how Danone S.A. and its subsidiaries (“Danone”, “we”, “our” or “us”), acting as Data Controller, collect and manage your personal data in relation to the Eat Like A Champ programme (the “Programme”). It contains information on what data we collect, how we use it, why we need it and how it can benefit you.
Please see our “Data Controllers and How to Contact Us” section below for more information on which Danone subsidiaries act as the Data Controller and for our contact details.
Contact us here if you have any queries and comments, or if you want to make a request regarding any of your data subject rights.
This privacy statement was last updated in December 2020.
Basic principles and our privacy commitment
At Danone we are committed to protecting your right to privacy. We aim to protect any personal data we hold, to manage your personal data in a responsible way and to be transparent in our practices. Your trust is important to us. We have therefore committed ourselves to the following basic principles:
- You have no obligation to provide any personal data requested by us, except as required by law or to perform any contract we have with you. However, if you choose not to, we may not be able to provide you with some services or products;
- We only collect and process your data for the purposes set out in this Privacy Statement or for specific purposes that we share with you and/or that you have consented to;
- We aim to collect, process and use as little personal data as possible and not more than is required for the purposes as described in this Privacy Statement;
- When we do collect your personal data, we aim to keep it as accurate and up to date as possible;
- If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it; and
- Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement.
What personal data do we collect?
By personal data, we refer to any information about a person from which that person can be identified. This does not include data for which the identity has been deleted (anonymous data).
The personal data we collect varies depending upon the purpose of the collection and the product or service we are providing you.
Danone may collect the following categories of personal data from you directly:
a) Identity Data means your first and last name
b) Contact Data means your email address
c) Professional Data (Teachers only) includes the name of your place of work, work address, telephone number and your role, job title or position
d) Profile Data includes your account login details, such as your user ID, e-mail username and password, your interests, preferences, feedback and survey responses.
e) Technical Data includes your internet protocol (IP) address, your browser history, such as pages accessed, date of access, location when accessed, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
f) Marketing and Communication Data incudes your preferences in receiving marketing from us or via our third parties and your communication preferences.
g) Programme Data includes where you heard about the Eat Like A Champ programme and how many classes you’ll be teaching the Programme to.
How do we collect your personal data?
We collect your personal data directly from you via the following sources:
- Information you give us. This is information (including Identity, Contact, Professional, Profile, Marketing and Communications and Programme Data) you give us by filling in our registration, contact us or feedback forms, or by corresponding with us (for example, by telephone, email, or otherwise). If you contact us, we may keep a record of that correspondence. This includes personal data you provide when you:
o request certain services from us;
o create an account on our website;
o subscribe to our service or publications;
o request marketing to be sent to you;
o enter a competition, promotion or survey; or
o give us feedback or contact us. - Information we collect about you and your device. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this data using cookies and other similar technologies. Please see our cookie statement for further details.
We may also collect personal data about you indirectly when:
- you share content on social media pages or websites related to the Programme or in response to our promotional material on social media;
- we read or collect personal data about you by reading information collected by third party websites (for instance, we may place an ad on a third party website, and when you click on that ad, we may receive information about you and other website visitors in order to measure the reach and success of that ad; and
- we may collect data about when you open a Danone email or click on a link found in one. This allows us to see how well our communications with you are performing.
Why do we collect and use your personal data?
We collect your personal data so we can perform any contract we have with you, provide you with the best online experience and to provide you with a high quality of customer service.
In particular we may collect, hold, use and disclose your personal data for the following purposes:
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you for the Eat Like A Champ programme and to manage your registration | Identity Contact Professional Profile Programme | Performance of a contract with you |
| To manage our relationship with you which will include: Notifying you about changes to the website, the Programme, our Terms & Conditions or Privacy Statement | Identity Contact Professional Profile | a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated) |
| To communicate information to you regarding the Programme, this may also include information on events or competitions we are running related to the Programme | Identity Contact Professional Profile Marketing and Communications | a) Performance of a contract with you (b) Consent (where required for marketing communications) |
| To manage our relationship with you which will include: (a) Asking you to leave a review, provide feedback, or take a survey (b) Enabling you to partake in a prize draw, competition or to complete a survey (c) To manage our everyday business needs in connection with your participation in competitions or promotional activities related to the Programme | Identity Contact Professional Profile Programme Marketing and Communications | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how schools/teachers/parents use the Programme and services, to develop the Programme and grow our reach) (c) Consent (where required for marketing communications) |
| To process and answer your enquiries, complaints or to contact you in order to answer your questions and/or requests | Identity Contact Professional Profile | (a) Necessary for the performance of a contract (b) Necessary to comply with a legal obligation |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Identity Contact Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
| To deliver relevant website content to you and measure or understand the effectiveness of the content we serve to you | Identity Contact Profile Marketing and Communications Technical | Necessary for our legitimate interests (to study how schools, teachers and or parents, use our services, to develop them, to grow our Programme and to inform our marketing strategy) |
| To use data analytics to improve our website, services offered, marketing, customer relationships and experiences | Technical | Necessary for our legitimate interests (to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
We may also need your personal data to comply with legal obligations or in the context of a contractual relationship that we have with you.
When we collect and use your personal data on the legal basis of our legitimate interests, we believe the risk to your data protection rights in connection with personal data is not excessive or overly intrusive. We have also put in place protections for your rights by ensuring proper retention periods and security controls.
When we collect and use your personal data for the purposes mentioned above or for new purposes, we will inform you before or at the time of collection.
Marketing
Where legally required to do so or where appropriate, we will ask for your consent to process your personal data. We will only send you marketing communications by email (such as Programme news, related events and competitions that may interest you) if we have your consent. We will get your opt-in consent before we share your personal data with any third party for our marketing purposes. You have the right to withdraw your consent at any time by informing us of your decision. If you wish to withdraw your consent, please contact via our contact page.
Your rights
Where we process your personal data, you are entitled to a number of rights and can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. You can exercise your rights via our contact page.
Some of these rights only apply in certain circumstances and so are not guaranteed or absolute rights. Please contact Our Data Protection Officer if you have any questions about your rights.
The right to access your personal data and correction
You have the right to access, correct or update your personal data at any time. We understand the importance of this and should you want to exercise your rights, please contact us via our contact page.
The right to data portability
Your personal data is portable. This means it can be moved, copied or transmitted electronically. However, this right only applies where:
a) The processing is based on your consent;
b) The processing takes place for the performance of a contract;
c) The processing takes place by automated means;
If you wish to exercise your right to data portability, please contact us via our contact page.
The right to deletion of your personal data
You have right to request that we delete your data if:
a) your personal data is no longer necessary in relation to the purposes for which we collected it; or
b) you withdraw the consent that you had previously given us to process your personal data, and there is no other legal ground to process that personal data; or
c) you object to us processing your personal data for direct marketing purposes; or
d) you object to us processing your personal data for Danone’s legitimate interests (such as improving overall user experience on websites);
e) the personal data is not being processed lawfully; or
f) your personal data needs to be deleted to comply with the law.
If you wish to delete the personal data we hold about you, please let us know and we will take reasonable steps to respond to your request in accordance with our legal obligations. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it. This is discussed in further detail below.
The right to restriction of processing
You have the right to restrict the processing of your personal data if
a) you do not believe the personal data we have about you is accurate; or
b) the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or
c) we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims; or
d) you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data.
If you wish to restrict our processing of your personal data, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements.
The right to object
You have the right to object to the processing of your personal data at any time. Please contact us via our contact page.
The right to withdraw consent
Where legally required to do we will ask for your consent to process the personal data. When we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior to this withdrawal. If you wish to withdraw your consent, please contact us via our contact page.
The right to lodge a complaint with a supervisory authority
While we would be grateful if you lodged any complaints with us, you have the right to lodge a complaint directly with the Information Commissioner’s Office about how we process personal data.
For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact the Information Commissioner’s Office at:
Mailing Address: Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF
Phone Number: +44 303 123 1113
Email Address: casework@ico.org.uk
You can also contact our Data Protection Officer directly at DPO.UKIE@danone.com
Personal data retention period
We will only retain your personal data for the minimum time necessary to achieve the purposes for which we collected it as set out in this Privacy Statement, including to comply with any legal, regulatory, tax, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we take into account the quantity, nature and sensitivity of personal data, the potential risk of harm resulting from the unauthorised use or disclosure of your personal data, the purposes for which We process your personal data and the possibility of attaining those purposes by other means, as well as the applicable legal, regulatory, tax, accounting or other requirements.
After the established deadlines, the data is either deleted or retained after being anonymized, especially for statistical purposes. It may be retained in case of pre-litigation and litigation. It should be noted that deletion or anonymization are irreversible operations, and that Danone is no longer able, thereafter, to restore this data.
How we protect your personal data
We understand that the security of your personal data is important. We make our best efforts to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. We have implemented a number of security measures to help protect your personal data. For example, we implement access controls, use firewalls and secure servers, and we encrypt personal data.
Sharing of your personal data
When we share your personal data with Danone affiliates and other organizations, we make sure we only do so with organizations that safeguard and protect your personal data and comply with applicable privacy laws in the same or similar way that we do.
Trusted third parties may assist us in providing specific services or functions on our behalf, such as IT services including platform providers, hosting services, maintenance and support on our website as well as on our software and applications that may contain data about you, or to perform on our behalf the statistical analyses associated with the use of the website and Programme.
Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement. We may, however, share your data when required by law and/or government authorities.
Your personal data will be shared with the following third parties for the purposes described:
| Category of third parties: | Data type: | Purposes: | Legal Basis for Processing |
|---|---|---|---|
| EXTERNAL PROCESSORS: | |||
| BNM Design Ltd T/A BrandNewMedia a web marketing agency | Identity Contact Professional Profile Programme Marketing and Communications | For sending emails on behalf of Danone to: - update on new content - update on events/competitions related to the Programme - updates on new Programme content or related services | Consent (where required) |
| Marketing Agencies | Identity Contact Professional Profile Programme Marketing and Communications | For sending emails on behalf of Danone to: - coordinate and support with Programme evaluations - update on new content - update on events/competitions related to the Programme. - updates on new Programme content or related services. | Consent (where required) |
| Marketing Agencies | Identity Contact Professional Profile Programme Marketing and Communications Technical | To support with Programme evaluations (including recruitment, analysing and reporting) To develop, analyse and improve our services, communication methods and the functionality of our websites | Consent (where required) Necessary for our legitimate interests (to keep our website updated and relevant, to develop our business services and to inform our Programme content and marketing strategy) |
| REPORTING PROVIDERS: | |||
| Google Analytics | Anonymized data | To analyse user behaviours on a website and email | Necessary for our legitimate interests (to keep our website updated and relevant, to develop our business services and to inform our Programme content and marketing strategy) |
If we decide to reorganise or to sell our business or our company, directly or indirectly through a sale, merger, or acquisition, we may share your personal data with actual or prospective purchasers of the business, or of our company. We will require that any such purchasers treat your Personal Data consistently with this Privacy Statement.
Sharing data internationally
Personal data may be processed outside the UK and the European Economic Area (EEA). When processed outside the UK or EEA, Danone will use its best endeavours to make sure that this cross-border data processing is protected by adequate safeguards.
The safeguards that we use to protect cross-border data processing include:
a) Standard Contractual Clauses approved by European Commission. These standardized contractual clauses provide sufficient safeguards to meet the adequacy and security requirements of the European General Data Protection Regulation; or
b) certifications which demonstrate that third parties outside of the EEA process personal data in a way that is consistent with the European General Data Protection Regulation and or UK General Data Protection Regulation and Data Protection Act 2018. These certifications are approved either by the European Commission, a competent supervisory authority or a competent national accreditation body in terms of General Data Protection Regulation.
Cookies and other technologies
We may also collect personal data about you through the use of cookies and other technologies. This may occur when you visit our sites or third-party sites, view our online promotions, or use our/third-party mobile applications and may include the following information:
a) Information about your device browser and operating system;
b) The IP address of the device you are using;
c) Web pages of ours that you view;
d) Links that you click while interactive with our services.
Please see our cookie statement for more information on this.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Privacy considerations for local law
We will hold and process your personal data in accordance with the UK Data Protection Act 2018 which provides the same protections as the EU General Data Protection Regulation.
Changes to this Privacy Statement
This notice was last updated on in December 2020. We reserve the right to change this notice at any time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise). Changes to this notice shall be applicable on the effective date of implementation. Please refer to our website for the latest version of this notice. We will also communicate any changes to you, where we are legally required to do so.
Data controllers & How to contact us
If you have any questions, comments or complaints regarding this Privacy Statement or the processing of your personal data, please contact us via our contact page.
or write to us at:
Data Protection Officer, 6th Floor, Building 7 Chiswick Park, 566 Chiswick High Road, London, United Kingdom, W4 5YG
You can also contact our Data Protection Officer directly via email at: DPO.UKIE@danone.com.
Data Controllers
| DANONE S.A a public limited company registered with the trade and companies register of Paris under the number 552 032 534 whose registered office is at 17, Boulevard Haussmann – 75009 Paris, France |
| DANONE HOLDINGS (UK) incorporated in England and Wales with company number 022555846 whose registered office is at 100 New Bridge Street, London, United Kingdom, EC4V 6JA |