Danone Deutschlannd GmbH is responsible for the personal data that you share with us. When we say “Danone”, “us”, “our” or “we”, we are referring to Nutricia Milupa GmbH. In accordance with regulations applicable to the processing of personal data, Danone is the “data controller”.

Imprint

If you want to know more about DANONE and its products, please visit https://www.danone.com.

The personal data we collect varies depending on our relationship with you, the purpose of the collection and the product or service we are providing to you. Please see the section(s) below that best describes our relationship with you for further details of the personal data that we collect.

We may collect your personal data directly from you.

You may give us personal data about yourself by visiting our websites or applications, creating an account with us, ordering products or services from us, registering to receive our newsletters or communications (including marketing messages) by any means (e.g. SMS, phone instant messaging, etc.), entering or participating in a survey, research activity, game, contest or competition run by us, submitting an enquiry or request to us, contacting us by phone, email or other means, filling in our forms (both online and offline), registering for an event, congress or seminar (online or offline) or by posting or commenting on our social media pages (such as Facebook or Instagram) or engaging with our other digital media communications.

Some of this data is collected via cookies and similar tracking technologies - see our Cookie Statement for further details on this.

We may also receive personal data about you from third parties such as: our business partners, including marketing agencies, market research companies, companies that co-sponsor our promotions, retailers; family, friends and others who provide your personal data to us because you have consented to or they think you may be interested in our products and services or they want to share a product or service with you; and other third parties such as media providers/owners, public and third party websites, social media platforms, advertising platforms, our suppliers or our group companies (referred to in this Privacy Statement as "third parties" or "suppliers"). 
 

Visitors to our websites and users of our apps and services

We, or third parties on our behalf, may collect and use information about you such as the following:

1. personal contact data, such as your name, gender, email address, physical address and telephone number(s);
2. account login details, such as your user ID, email username, password and photo; 
3. communication data between you and us, which may include details of our conversations via chat and contact forms available on our websites and/or apps;
4. social media or 3^rd party account profile information where you use your social media or 3^rd party account to create an account and login or where you share this with us;
5. where you submit content to our websites and/or apps (such as a personal testimonial or review);
6. health data where you provide this to us – please also see the "Special categories of data" section below;
7. your entry into a survey, game, contest, promotion or competition (including the entry itself, which may be a photo, comment or answer to a question);
8. any information you provide to us when signing-up for, or as a member of, any clubs, communities or schemes offered by us;
9. information about people other than you, such as personal data about your family members, when you provide such information directly to us;
10. where we are able to collect this, information about how you engage with our messages and communications (e.g. emails, SMS, instant messages) including whether they are delivered to you, whether you open them, links you click in them and whether you unsubscribe to them;
11. any updates to data provided to us; and
12. personal data created and recorded as you use our websites, apps and/or services, including:
    1. technical information– this includes the Internet Protocol (IP) address used to connect your device to the internet address; the type of device you use; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; and platform; and
    2. information about your visit and your behavior on our websites and/or apps (such as the pages that you click on) – this may include time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs, information shared with others, including through email and social media), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads. 
        

Customers and prospective customers in relation to online purchases

We, or third parties on our behalf, may collect and use some information about you such as the following:

1. the personal data in relation to visitors to our websites and users of our apps and services as set out in the section above;
2. your age;
3. your gender;
4. order information and shipping data, such as your name, email address, postal address and telephone numbers;
5. information about what products you have purchased from us and products you have added to your basket;
6. your email subscription preferences;
7. where we are able to collect this, information about how you engage with our emails, including whether they are delivered to you, whether you open them, links you click in them and whether you unsubscribe to them;
8. demographic information and interests, such as your age range, gender, preferred products and lifestyle preferences. Lifestyle preferences may include your preferences for some of the products we offer, and your interests related to those products. We may also infer certain preferences and interests about you based on your browsing habits, your purchase history, your feedback and responses to surveys or market research, and your demographic information;
9. information about people other than you, such as personal data about your family members, when you provide such information directly to us.
10. payment information for purchases made on one of our online shops. Payment information generally relates to your billing name, billing address and payment data, such as your credit card details or bank account number.
     

People who contact us with enquiries (e.g. via our consumer contact centres)

We, or third parties on our behalf, may collect and use some information about you such as the following:

1. your name including your title;
2. your postal address;
3. your email address;
4. your telephone number;
5. your date of birth;
6. your contact preferences;
7. information provided when you correspond with us (such as via our care lines and/or customer service lines or social media) which might include call recordings if you call us directly – to the extent this includes information about your health, please see the "Special categories of data" section below;
8. information about people other than you, such as personal data about your family members, when you provide such information directly to us; and
9. any updates to information provided to us.
    

Attendees or prospective attendees at Danone-related events (online and offline)

We, or third parties on our behalf, may collect and use some information about you when attending events (including trainings and e-learnings), including the following:

1. personal contact data, such as your name, email address, physical address and telephone number(s);
2. your employment details (where you are attending on behalf of your employer);
3. the field of expertise in which you are active, your professional qualifications and activities, and professional details such as data related to your educational/professional employment history;
4. information you provide in respect of the event itself (such as visitor forms, feedback surveys, recordings or interviews of the event and pictures of the event and content you submit as part of the event (e.g. if you ask a question) and your travel and accommodation details); and
5. any dietary information you provide to us (when applicable).
    

People we interact with during the course of business who do not fall within any of the above categories (other than suppliers)

When Danone interacts with you in your capacity as an external stakeholder who does not fall within the above categories, such as where you are a representative of one of our clients, an agent of an industry or peer company, a scientist, a health care professional, an academic, a representative of a non-governmental or consumer organization, a politician, a policy-maker, a regulator, an investor, an extra-financial rating agencies, a journalist, a trade associations representative, etc., we, or third parties on our behalf, may collect and use the following information about you:

1. professional contact data, such as your title, name, email address, physical address, telephone number(s), social media handles, language of communication;
2. your employment details (job title, organization, any other position you may hold) and/or political party affiliation (only when it has been manifestly made public by you);
3. the field of expertise in which you are active, your professional qualifications and activities, and professional details such as data related to your educational/professional employment history; and
4. any other information that you provide to us in the course of our interactions with you.

If you are, or act for, a supplier of Danone, this Privacy Statement does not apply to you. The appropriate privacy policy or privacy statement will be made available to you separately.
 

People whose personal data we collect from other sources

We may also collect personal data about you from other sources when:

1. you search for our products and services and when you share content on social media pages, websites or applications related to our products or in response to our promotional material on social media;
2. we collect your personal data from other public sources (e.g. comments on other websites than ours) that mention Danone or ones of its brands. We may also collect publicly available data about you in your capacity as a public figure for business objective purposes;
3. your data is provided to us by media providers and retailers, such as your purchasing history data and your loyalty card profile; and
4. your insights data is provided to us by third parties (i.e. media providers, marketing technology or advertising technology solutions), such as your demographic data (e.g. age, parental status), your location, your interests and your purchase intent. Some of this data may have been collected from the use of cookies and other similar tracking technologies.    
    

Special categories of data

In principle Danone does not seek to process sensitive data relating to you. However, some of the personal data that we collect about you or which you provide to us may be special categories of data, often relating to health and wellbeing. 

We will only process this type of data for purposes to which you give your explicit consent, or in any other circumstances permitted by law (such as defense of legal claims).

The table below shows the purposes for which we collect and use your personal data, as well as the legal bases for our use for your personal data. Further information as to our legal bases is set out below the table. Please note that not all of the uses below will be relevant to every individual:

When we collect and use your personal data for new purposes, we will inform you before or at the time of collection (and ask for your consent when required) unless we reasonably consider that this purpose is compatible with the original one as detailed above.
 

Legal basis

We consider that the legal bases for using your personal data as set out in this Privacy Statement are as follows:

1. Contractual necessity: our use of your personal data is necessary to perform our obligations under any contract with you or to take steps prior to entering a contract with you.
    
2. Compliance with legal obligations: our use of your personal data is necessary for complying with our legal obligations.
    
3.  Consent: We may process your personal data on the basis of your consent. Where you have given consent, but you later change your mind, you may withdraw your consent by contacting us and we will stop doing processing your personal data in this way. However, if you withdraw your consent, this may impact our ability to provide our products and associated services to you.
    
4. Legitimate Interests: our use of your personal data is necessary for our legitimate interests or the legitimate interests of others. Our legitimate interests might include the following:

• running, growing and developing our business;
• operating and ensuring the security of our websites and apps;
• ensuring a safe working environment for our staff and visitors;
• marketing, market research and business development;
• providing services to our customers;
• placing, tracking and ensuring fulfilment of orders with our suppliers;
• investing in and rolling out new products to benefit the communities in which we operate;
• for internal group administrative purposes; and
• to create profiles (e.g. groups that may have common characteristics) and provide you with personalized messages and tips about products directly, as well as through traditional and social media campaigns based on your interests and preferences. More information on how your personal data is used and how to opt out is explained below in the "Profiling and automated decision making" section of this Privacy Statement below.

Whenever we collect and use your personal data on the legal basis of legitimate interests, we take care it does not outweigh your rights as an individual.

We may analyze information about you in order to create profiles (e.g. by compiling individuals into groups that we believe to have certain common characteristics). We use these profiles to personalize our websites, apps, services or products, as well as our communications to you (e.g. by sending/displaying content that may be relevant and useful to you, subject to applicable data protection and e-privacy laws). We may also use these insights to display relevant advertising to you either on our websites or apps, or via third-party websites.  

Where we do this, we will of course inform you and we will give you an opportunity to object to these processes in advance. We will also obtain your consent where this is required by law, for instance where information about you is collected via certain types of cookies that we use – please see our Cookie Statement for further details on our use of cookies. You are also free to contact us for further information on this type of processing.

For some services and products, we may process your personal data using automated means. Essentially this means that decisions are taken automatically without human intervention. We will not make decisions based solely on automated decision making to the extent that they have a legal effect or significant impact on you without first notifying you and providing you with clear information about any such automated decision-making, including our lawful basis for carrying it out and the ability to have a human intervention for reviewing the decision.

Our websites and apps may contain hyperlinks to third party websites, plug-ins or applications that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators.

This Privacy Statement only applies to the personal data that we collect or which we receive from third party sources and over which we act as a data controller, and we cannot be held responsible for personal data about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal data to these websites.

We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.

Some of our websites and apps allow users to submit their own content. Please remember that any content submitted on our product/brand page(s) on social media platforms can be viewed by the public and reposted, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our product/brand page(s) on social media platforms. We reserve the right to delete user generated content that doesn’t comply with the relevant terms & conditions.

Most of our websites are designed and intended for use by adults. Where one of our websites is intended for use by a younger audience, we understand the importance of taking extra precautions to protect the privacy and safety of children.

If our websites are ever intended for young audiences, we will in all cases respect our external commitments on responsible marketing, and we will ensure that before we collect personal data, consent is validly obtained from the parent(s) or legal guardian(s) to the extent that this is required by applicable laws and regulations (the age at which this is necessary varies from country to country).

If we discover that we have collected personal data from a child without consent from a parent or legal guardian where such consent should have been obtained, we will delete that personal data as soon as practical.

When we share your personal data with affiliates and other organizations, we make sure we only do so with organizations that safeguard and protect your personal data and comply with applicable privacy laws in the same or similar way that we do.

Your personal data will never be sold or rented.

We may, however, share or disclose your personal data as described in this Privacy Statement. Your personal data will be shared with the following third parties for the purposes described:

1. Other Danone companies/entities: Where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of products to our customers, corporate strategy, merger and acquisition operations, compliance, auditing and monitoring, research and development and quality assurance).

2. Third party service providers and subcontractors: Including those which:

• assist us to carry out your requests, respond to your inquiries, fulfil your orders, honor coupons, provide you with samples, enable you to participate in sweepstakes, such as logistics providers, sponsors and customer support providers;
• perform core information technology and other business-related services, such as website/app development providers, cloud hosting providers, management and evaluation service providers, data analysts, payment processors, utility providers, insurers;
• assist in the organization of our events, marketing, advertising and promotional activities; or
• provide analytics and optimization services relating to our websites and apps.

3. Social media platforms: When our web pages use social plug-ins from these businesses (such as the “Like" and "Share" buttons). These other businesses may receive and use personal data about your visit to our sites or apps. If you browse our website or view content on our apps, personal data they collect may be connected to your account on their site. For more information on how these businesses use personal data, please read their privacy policies.

4. Business transfer recipients: Where we sell or buy any business or assets, (such as a merger/absorption), to the prospective seller or buyer of such business or assets, or where substantially all of our or any of our affiliates' assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets. Where appropriate, in such case, the buyer acting as the new data controller processes your data and its privacy statement governs the processing of your personal data.

5. Legal disclosure recipients: Where we are obliged by law to disclose your personal data (e.g. to government or law enforcement bodies) or where disclosure is required to protect our rights or those of our staff, customers or other third parties.

Save as expressly detailed above, we will never share, sell or rent any of your personal data to any third party without notifying you and, where necessary, obtaining your consent.

Your personal data may be used, stored and/or accessed by staff operating outside the EEA or the UK working for us, other members of our group or trusted third parties.

If we provide any personal data about you to any such non-EEA and non-UK members of our group or trusted third-parties, we will take appropriate measures to ensure that the recipient protects your personal data adequately, such as:

1. ensuring that there is an adequacy decision by the European Commission in the case of transfers out of the EEA or by the UK Government in the case of transfers out of the UK;
2. having in place standard model contractual arrangements with the recipient which have been approved by the European Commission (or the UK Government for transfers out of the UK in due course);
3. any other safeguarding mechanism permitted by law.

We understand that the security of your personal data is important. We make our best efforts to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. We have implemented a number of security measures to help protect your personal data, and we require that trusted third parties who handle your personal data for us do the same. For example, we implement access controls, use firewalls and secure servers, and we encrypt personal data.

In the course of provision of your personal data to us, your personal data may be transferred over the internet.  Although we make every effort to protect the personal data which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal data transmitted to our website and that any such transmission is at your own risk. Then, once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access to it.

Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential.

We keep your personal data for no longer than necessary for the purposes for which the personal data is processed.  The length of time for which we retain personal data depends on the purposes for which we collect and use it, for the duration of your contractual relation with us and/or as required to comply with applicable laws and regulations as well as to establish, exercise or defend our legal rights.

For example, where you make a purchase online with us or register for a webinar, we will keep the personal data related to your purchase or registration, so we can perform the specific contract you have entered. After that, we will keep the personal data for a period which enables us to handle or respond to any complaints, queries or concerns relating to the purchase or registration.

Where we process your personal data, you are entitled to a number of rights established in the relevant applicable laws and can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you.

We will consider all such requests and, in accordance with the applicable laws, will provide our response within a reasonable period, or within the period prescribed by law. Please note, however, that we may rely on certain exemptions to complying with your requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.  If an exemption applies, we will tell you this when responding to your request.

We may request you provide us with information necessary to confirm your identity before responding to any request you make. 
 

The right to be informed

You have the right to obtain clear, transparent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Privacy Statement.

The right to access your personal data and correction

You have the right to access the personal data we hold about you, as well as correct, update or complete it at any time.
 

The right to deletion of your personal data

You have right to request that we delete your personal data. However, this is not an absolute right and we may have legitimate, legal and regulatory reasons to retain your personal data.
 

The right to object

Under certain circumstances, you have the right to object to certain types of processing based on grounds relating to your particular situation when such processing is based on our or another's legitimate interest. If you exercise this right, we will stop using your personal data for this purpose, unless we can demonstrate compelling legitimate grounds to continue processing your personal data that would outweigh your interests, rights and freedoms. You have the right to object to the processing of your personal data for direct marketing activities (for example, by clicking on the unsubscribe link in our emails). 
 

The right to withdraw consent

Where we rely on your consent to process personal data, you have the right to withdraw consent at any time, without affecting our processing of your personal data before you withdrew consent.
 

The right to restriction of processing

Under certain circumstances you have the right to restrict the processing of your personal data if:

1. you do not believe the personal data we have about you is accurate; or
2. you consider that the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or
3. we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims; or
4. you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data.
    

The right to data portability

Your personal data is portable. This means it can be moved, copied or transmitted electronically. However, this right only applies to personal data you have provided to us and where the processing: (i) is based on your consent or takes place for the performance of a contract; and (ii) it takes place by automated means.
 

The right to lodge a complaint with a supervisory authority

If you think that we have not met the data protection or privacy requirements, you have the right to make a complaint to the data protection authority in the country where you usually live or work, or where an alleged infringement of applicable data protection laws has taken place. 

If you have any questions, comments or complaints regarding this Privacy Statement or the processing of your personal data, please contact us via our contact page or contact our data protection officer:

Private and confidential
Herr Matthias Lindner
intersoft consulting services AG
Beim Strohhause 17, 20097 Hamburg

We may update our Privacy Statement from time to time (for example, to comply with changes in laws or regulations, our practices, procedures and organizational structures, requirements imposed or recommended by supervisory authorities or otherwise). Any changes we make to our Privacy Statement in the future will be posted on this page and will be applicable on the effective date of implementation.  Where we are legally required to do so, we will notify you of any changes. Please check back frequently to see any updates or changes to our Privacy Statement.  

This Privacy Statement was last updated in March 2022.

You have the opportunity to register with us and create a customer account. For the registration we collect and store the following data:

Required Fields:

• Salutation
• First given name
• Surname
• E-mail address (user name)
• Address
• Professional discipline
• Profession

After registration, you will receive a personal, password-protected access and can view and manage the data you have stored. Registration is voluntary but may be required to use our services.

You have the possibility to contact us via our e-mail address or the contact form. Of course, we will only use the personal data transmitted to us for the purpose for which you provide us with these when contacting us.

Insofar as we use our contact form to request entries that are not required for contacting us, we have always marked these as optional. This information serves to concretize your request and to improve the handling of your request. A statement of this information is expressly provided on a voluntary basis and with your consent. As far as this information concerns communication channels (for example, e-mail address, phone number), you also agree that we may also contact you via this communication channel to answer your request.

Of course, you can revoke this consent at any time for the future. Please contact us viaapp-support@nutricia-metabolics.de or our data protection officer whose contact details you find above.

To register for our newsletter, we use the so-called double opt-in procedure. This means that after stating your e-mail address, we will send you a confirmation e-mail to the specified e-mail address asking you to confirm that you wish to receive the newsletter. If you do not confirm within 24 hours your registration will be automatically deleted. If you confirm the desire to receive the newsletter, we will save your e-mail address until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletter. Furthermore, we store your IP addresses and the times when registering and confirming, in order to prevent misuse of your personal data.

Obligatory statement for the transmission of the newsletter is the e-mail address alone. The specification of further, separately marked, information is voluntary and will be used solely to personalize the newsletter. These data will also be completely deleted upon revocation.

For the newsletter delivery we use the tool MailChimp, which is offered by the company The Rocket Science Group, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA (“Rocket”). Rocket is certified under the EU-US Privacy Shield Privacy Shield Agreement and is therefore required to comply with EU data protection legislation.

You can access the privacy policy of Mailchimp at the following link: mailchimp.com/legal/privacy/.

You can revoke your consent to the sending of the newsletter at any time. You can insert the revocation by clicking on the link provided in each newsletter e-mail, by e-mail to app-support@nutricia-metabolics.de or by a message to the data protection officer / s. Your given data will not be disclosed to third parties, except to the partner of our newsletter tools.

In order to improve our website and make the use of it as optimal as possible for you, but also for advertising purposes, we use cookies. Cookies are small text files that are stored on your computer when you visit our website and allow a reassignment of  your browser. Cookies store information, such as your language setting, the duration of your visit to our website or your entries there. This avoids having to re-enter all required data every time it is used. In addition, cookies enable us to recognize your preferences and to align our website with your interests.

Most browsers accept cookies automatically. If you want to prevent the storage of cookies, you can choose "do not accept cookies" in the browser settings. How this works in detail, you can refer to the instructions of your browser manufacturer. Cookies that are already stored on your computer can be deleted at any time. We point out, however, that our web site without cookies may be of limited use.

Session cookies are temporary cookies that are stored in the user's Internet browser until the browser window is closed and the session cookies are deleted.

In addition, with the help of markers on our pages - so-called tracking pixels - each time we load our page, for example, we record how often it is retrieved and clicked on, also without intervention and inference to your computer.

We use the following technology from Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"):

This website uses Google Analytics. On behalf of the operator of this website, Google will evaluate your use of the website to compile reports on website activity and provide other services related to website activity and internet usage to the website operator.

Since the vote of the Hamburg commissioner for data protection and freedom of information with Google on the basis of the decision of the Dusseldorf circle for the privacy-compliant design of analysis methods for measuring range in Internet offers a privacy-compliant and complaint-free use of Google Analytics is possible under certain conditions. Of course, we adhere to these requirements. In particular, we point out that on this website Google Analytics has been extended by the code "gat._anonymizeIp ();" in order to ensure an anonymous collection of IP addresses (so-called IP-Masking). Your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. For more information about Terms of Use and Privacy, please visit https://www.google.com/analytics/terms/en.html or https://www.google.com/intl/en/policies/.

Google Analytics uses so-called "cookies", text files that are stored on your computer. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on. If you click here, an opt-out cookie will be set to prevent future collection of your data when you visit this site: .

In addition, we use Google Conversion Tracking in connection with Google Analytics. This allows us to capture the behavior of our website visitors. For example, we see how many PDF's were downloaded on our website or how often the contact form was filled out. We also know how many clicks on ads from external sources (AdWords, LinkedIn, Xing, Bing) have taken us to our website.

For reasons of transparency, we would like to point out that we use the Google Tag Manager. The Google Tag Manager itself does not collect any personally identifiable information. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small pieces of code used, among other things, to measure traffic and visitor behavior, capture the impact of online advertising and social channels, set up remarketing and targeting, and test and optimize websites. We use the Tag Manager for Google Analytics, Google AdWords Conversion Tags, and Facebook Pixel. If you've disabled it, the Google Tag Manager will take that disabling into account. For more information about the Google Tag Manager, visit https://www.google.com/intl/de/tagmanager/use-policy.html.