Privacy Statement – Aptamil Follow on Milk Events

Basic principles and our privacy commitment

At Danone we are committed to protecting your right to privacy. We aim to protect any personal data we hold, to manage your personal data in a responsible way and to be transparent in our practices. Your trust is important to us. We have therefore committed ourselves to the following basic principles:

  • You have no obligation to provide any personal data requested by us. However, if you choose not to provide any personal data requested by us, we may not be able to provide you with some services or products.
  • We only collect and process your data for the purposes set out in this Privacy Statement or for specific purposes that we share with you and/or that you have consented to.
  • We aim to collect, process and use as little personal data as possible.
  • When we do collect your personal data, we aim to keep it as accurate and up to date as possible.
  • If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
  • Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement.

Who does this Privacy Statement apply to?

This Privacy Statement is applicable to the attendees or prospective attendees at the following Danone organised event: Aptamil Follow on Milk Ready to Drink Picnic (the “Event”) and describes how and why Danone collect and uses your personal data in connection with our Event.

What this Privacy Statement contains

Who are we?

Nutricia Limited trading as Danone UK is responsible for the personal data that you share with us. When we say “Danone”, “us”, “our” or “we”, we are referring to Nutricia Limited. In accordance with regulations applicable to the processing of personal data, Danone is the “data controller”.

Nutricia Limited

Newmarket House, Newmarket Avenue, White Horse Business Park, Trowbridge, Wiltshire, BA14 0XQ

Nutricia Limited is a subsidiary of Danone SA. If you want to know more about Danone and its products, please visit https://www.danone.co.uk.

What personal data do we collect and how?

By personal data, we refer to any information about a person from which that person can be identified. This does not include data for which the identity has been deleted (anonymous data).

We, or third parties acting on our behalf (e.g. Eventbrite, Inc), will collect the following personal data from you in connection with your registration for and attendance at the Event, including:

  1. First name and surname;
  2. Contact information such as your email address;
  3. Maternal information about yourself and age range of your child so that we may comply with infant formula legal and regulatory obligations in the UK;
  4. Any information you provide in respect of the Event itself (such as providing feedback, answering surveys, participating in competitions or games, recordings or interviews and pictures during the Event and/or any content you submit as part of the Event (e.g. if you ask a question); and
  5. Any dietary, accessibility or other requirements (where applicable). To the extent this includes information about your health, please see the "Special categories of data" section below.

We will collect your personal data directly from you.

You may give us this personal data by:

  1. registering for or attending the Event;
  2. entering or participating in a survey, research activity, game, contest, or competition run by us, or third parties on our behalf;
  3. submitting an enquiry or request to us, contacting us by phone, email or other means;
  4. filling in webforms such as registering for an event or contacting us in relation to an event (via Eventbrite or directly to Danone via both online and offline forms);
  5. visiting our websites or applications; or
  6. by posting or commenting on our social media pages (such as Facebook or Instagram) or engaging with our other digital media communications.

We may also receive personal data about you from third parties such as: our business partners, including marketing agencies, family, friends and others who provide your personal data to us because you have consented to or they think you may be interested in our products and services or they want to share a product or service with you; and other third parties such as media providers/owners, public and third party websites, social media platforms, advertising platforms, our suppliers or our group companies (referred to in this Privacy Statement as "third parties" or "suppliers").  

When you visit our website, we, or third parties acting on our behalf (e.g Eventbrite, Inc), may collect and use information about you such as the following:

  1. personal data created and recorded as you use our websites, apps and/or services, including:
  2. technical information– this includes the Internet Protocol (IP) address used to connect your device to the internet address; the type of device you use; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; and platform; and
  3. information about your visit and your behavior on our websites and/or apps (such as the pages that you click on) – this may include time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs, information shared with others, including through email and social media), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads. 

Some of this data is collected via cookies and similar tracking technologies - see our Cookie Statement https://www.aptaclub.co.uk/about-aptaclub/cookie-policy.html for further details on this.

You will also find Eventbrite’s Cookie Statement here  https://www.eventbrite.co.uk/help/en-gb/articles/666792/eventbrite-cookie-policy/

When you contact us with enquiries related to the Event (e.g. via Eventbrite or via our consumer contact centres), we, or third parties acting on our behalf, may collect and use information about you such as the following:

  1. your first and last name including your title;
  2. your email address;
  3. your telephone number;
  4. information provided when you correspond with us (such as via Eventbrite or via our care lines and/or customer service lines or social media) which might include call recordings if you call us directly – to the extent this includes information about your health, please see the "Special categories of data" section below;
  5.  information about people other than you, such as personal data about your family members, when you provide such information directly to us; and
  6. any updates to information provided to us.

We may also collect personal data about you from other sources when:

  1. you share content on social media pages, websites or applications related to the Event or in response to our promotional material on social media;
  2. we collect your personal data from other public sources (e.g. comments on other websites than ours) that mention Danone or one of its brands;
  3. when you open and/ or click on a link in an email one of our third parties have sent to you on our behalf. This allows us to see how well our communications with you are performing; and
  4. your insights data is provided to us by third parties (i.e. media providers, marketing technology or advertising technology solutions), such as your demographic data (e.g. age, parental status), your location and your interests. Some of this data may have been collected from the use of cookies and other similar tracking technologies.  

Special categories of data

In principle Danone does not seek to process sensitive data relating to you. However, some of the personal data that we collect about you or which you provide to us may be considered as special category data, often relating to health and wellbeing (such as dietary or accessibility requirements). 

We will only collect and process this type of data if you give us your explicit consent, or in any other circumstances permitted by law (such as defense of legal claims).

The purpose and legal basis for collecting and using personal data

We will use your personal data to manage registration, attendance and participation at the Event and to ensure that any special requirements that you request are communicated to any relevant third party providers, where required.

We may take photographs in public areas at our Event, and we may use these in our marketing materials.

Where you have opted in for further communication from us, we will use your information to send these communications to you.

The table below shows in more detail the purposes for which we collect and use your personal data, as well as the legal bases for our use for your personal data. Further information on our legal bases is set out after the table.

Our purpose(s) for processing your personal data

Our legal basis

Managing our relationship with you
  • To   communicate   information   to   you   and   to   manage   your registration (and attendance) at an event, or participation in a competition or promotion organised by us or a third party acting on our behalf.
  • To manage your subscription to our newsletters or other marketing communications and consents (where relevant).
  • To register you to attend an event organised by us or via a third party, for example to place you on a guest-list to the event, to provide associated support with your attendance at the event, and to help us better understand what products and services you would like to receive information about in the future following the event.
  • To receive, and respond to, enquiries from you about the Event and our products and services.
  • To ask you to leave a review, provide feedback or complete a customer survey or participate in market research following the Event.
  • To send you service communications (e.g. information such as reminders, updates related to the Event via Eventbrite or information about any changes to our terms and conditions or this Privacy Statement).
  • To keep track of our interactions with you
  • To keep a record your consents or acknowledgements given and to manage your data subject rights requests (where applicable)
  • Contractual necessity
  • Legitimate interests
  • Compliance with legal obligations
Marketing our products or services
  • We may take photographs in public areas at our Event, and we may use these in our marketing materials.
  • To send you updates, news, promotional, marketing and other communication materials by any means (e.g. telephone, post, email, social media and instant messaging applications), with consent where required by applicable laws, unless you have told us that you would rather not hear from us
  • To determine the effectiveness of these communications, promotional campaigns and advertising, including by analyzing information collected with the help of external sources
  • To send information about other events that may be of interest to you (virtual or face to face events)
  • To recommend relevant products and services, including based on your health data where we have obtained your explicit consent
  • To show you personalized content or advertising either directly or through third party websites and apps as well as through traditional and social media campaigns.
  • Legitimate interests
  • Consent (where you have given it)
Managing and improving our events, processes and business operations
  • To request feedback on the Event and or products and services to provide us with insights and when you respond to such requests
  • To provide, improve, maintain, keep secure and provide technical support in relation to our websites and apps
  • To manage, develop and improve our products, services and communications
  • To manage our network and information security systems
  • For fraud prevention purposes
  • For training and quality assurance purposes
  • Legitimate interests
  • Consent (where you have given it)
Other purposes
  • To follow applicable laws and regulations
  • To authenticate your identity for security purposes, as well as where we are required to do so in accordance with a legal obligation
  • To ensure your safety and security and that of others at the Event
  • To establish exercise or defend our legal rights
  • To investigate and take action against illegal or harmful behavior of users
  • To protect Danone, your vital interests, or those of another person
  • Legitimate interests
  • Compliance with legal obligations

When we collect and use your personal data for new purposes, we will inform you before or at the time of collection (and ask for your consent when required), unless we reasonably consider that this purpose is compatible with the original one as detailed above.

Legal basis

We consider that the legal bases for using your personal data as set out in this Privacy Statement are as follows:

a)      Contractual necessity: our use of your personal data is necessary to perform our obligations under any contract with you or to take steps prior to entering a contract with you

b)      Compliance with legal obligations: our use of your personal data is necessary for complying with our legal obligations.

c)      Legitimate Interests: our use of your personal data is necessary for our legitimate interests or the legitimate interests of others.   Whenever we collect and use your personal data on the legal basis of legitimate interests, we take care it does not outweigh your rights as an individual. Our legitimate interests might include the following:

i.      running, growing, and developing our events, products and services;   

ii.      ensuring a safe working environment for our staff and visitors to the Event;

iii.      marketing, market research and business development; and

iv.      for internal group administrative purposes.

d)      Consent: We may process your personal data on the basis of your consent. Where you have given consent, but you later change your mind, you may withdraw your consent by contacting us and we will stop doing processing your personal data in this way. However, if you withdraw your consent, this may impact our ability to provide our products and associated services to you.

Links to other websites

Our websites and apps may contain hyperlinks to third party websites, plug-ins or applications that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators.

This Privacy Statement only applies to the personal data that we collect or which we receive from third party sources and over which we act as a data controller, and we cannot be held responsible for personal data about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal data to these websites.

We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.

Social media and other user generated content

Some of our websites and apps allow users to submit their own content. Please remember that any content submitted on our product/brand page(s) on social media platforms can be viewed by the public and reposted, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our product/brand page(s) on social media platforms. We reserve the right to delete user generated content that doesn’t comply with the relevant terms & conditions.

Children's personal data

If we discover that we have collected personal data from a child without consent from a parent or legal guardian where such consent should have been obtained, we will delete that personal data as soon as practical. 

Sharing data with third parties

When we share your personal data with Danone affiliates and other organizations, we make sure we only do so with organizations that safeguard and protect your personal data and comply with applicable privacy laws in the same or similar way that we do.

Your personal data will be shared with the following third parties for the purposes described:

Third Party

Service

Location of processing

Eventbrite, Inc

Events management, ticketing and registration platform.You can access Eventbrite’s Terms of Service and Privacy Policy on its website.USA
Event OrganizerTo support with registrations/queries and organize and manage events on our behalf.UK

Marketing

Agency

To take photography of the event.

UK

In addition, your personal data may be shared with the following third parties for the purposes described below:

a)      Other Danone companies/entities: Where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of products to our customers, corporate strategy, merger and acquisition operations, compliance, auditing and monitoring, research and development and quality assurance).

b)      Third party service providers and subcontractors: Including those which:

i) assist us to carry out your requests, respond to your inquiries, provide you with samples, enable you to participate in a competition, such as logistics providers, sponsors and customer support providers;

ii) perform core information technology and other business-related services, such as website/app development providers, cloud hosting providers, management and evaluation service providers, data analysts, utility providers, insurers;

iii) assist in the organization of our events, marketing, advertising and promotional activities; or

iv) provide analytics and optimization services relating to our websites and apps.

c)      Business transfer recipients: Where we sell or buy any business or assets, (such as a merger/absorption), to the prospective seller or buyer of such business or assets, or where substantially all of our or any of our affiliates' assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets. Where appropriate, in such case, the buyer acting as the new data controller processes your data and its privacy statement governs the processing of your personal data.

d)      Legal disclosure recipients: Where we are obliged by law to disclose your personal data (e.g. to government or law enforcement bodies) or where disclosure is required to protect our rights or those of our staff, customers or other third parties.

Save as expressly detailed above, we will never share, sell or rent any of your personal data to any third party without notifying you and, where necessary, obtaining your consent.

Sharing personal data internationally

Your personal data may be used, stored and/or accessed by staff operating outside the EEA or the UK working for us, other members of our group or our trusted third parties.

If we provide any personal data about you to any such non-EEA and non-UK members of our group or trusted third-parties, we will take appropriate measures to ensure that the recipient protects your personal data adequately, such as:

a)      ensuring that there is an adequacy decision by the European Commission in the case of transfers out of the EEA or by the UK Government in the case of transfers out of the UK;

b)      having in place standard model contractual arrangements with the recipient which have been approved by the European Commission (or the UK Government for transfers out of the UK);

c)      any other safeguarding mechanism permitted by law.

How we protect your personal data

We understand that the security of your personal data is important. We make our best efforts to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. We have implemented a number of security measures to help protect your personal data, and we require that trusted third parties who handle your personal data for us do the same. For example, we implement access controls, use firewalls and secure servers, and we encrypt personal data.

In the course of provision of your personal data to us, your personal data may be transferred over the internet.  Although we make every effort to protect the personal data which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal data transmitted to our website and that any such transmission is at your own risk. Then, once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access to it.

Where you have chosen a password which enables you to access your online account, you are responsible for keeping this password confidential. 

How we store your personal data

We keep your personal data for no longer than necessary for the purposes for which the personal data is processed.  The length of time for which we retain personal data depends on the purposes for which we collect and use it, for the duration of your contractual relation with us and/or as required to comply with applicable laws and regulations as well as to establish, exercise or defend our legal rights.

For example, where you register for an event, we will keep the personal data related to your registration, so we can perform the specific contract you have entered. After that, we will keep the personal data for a period which enables us to handle or respond to any complaints, queries or concerns relating to the purchase or registration.

After the established deadlines, the data is either deleted or retained after being anonymized, especially for statistical purposes. It should be noted that deletion or anonymization are irreversible operations, and that Danone is no longer able, thereafter, to restore this data.

Your rights

Where we process your personal data, you are entitled to a number of rights established in the relevant applicable laws and can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. You can exercise your rights by contacting us here 

We will consider all such requests and, in accordance with the applicable laws, will provide our response within a reasonable period, or within the period prescribed by law. Please note, however, that we may rely on certain exemptions to complying with your requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.  If an exemption applies, we will tell you this when responding to your request.

We may request you provide us with information necessary to confirm your identity before responding to any request you make. 

The right to be informed

You have the right to obtain clear, transparent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Privacy Statement.

The right to access your personal data and correction

You have the right to access the personal data we hold about you, as well as correct, update or complete it at any time.

The right to deletion of your personal data

You have right to request that we delete your personal data. However, this is not an absolute right and we may have legitimate, legal and regulatory reasons to retain your personal data.

The right to object

Under certain circumstances, you have the right to object to certain types of processing based on grounds relating to your particular situation when such processing is based on our or another's legitimate interest. If you exercise this right, we will stop using your personal data for this purpose, unless we can demonstrate compelling legitimate grounds to continue processing your personal data that would outweigh your interests, rights and freedoms. You have the right to object to the processing of your personal data for direct marketing activities (for example, by clicking on the unsubscribe link in our emails). 

The right to withdraw consent

Where we rely on your consent to process personal data, you have the right to withdraw consent at any time, without affecting our processing of your personal data before you withdrew consent.

The right to restriction of processing

Under certain circumstances you have the right to restrict the processing of your personal data if:

a)      you do not believe the personal data we have about you is accurate; or

b)      you consider that the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or

c)      we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims; or

d)      you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data.

The right to data portability

Your personal data is portable. This means it can be moved, copied or transmitted electronically. However, this right only applies to personal data you have provided to us and where the processing: (i) is based on your consent or takes place for the performance of a contract; and (ii) it takes place by automated means.

The right to lodge a complaint with a supervisory authority

If you think that we have not met the data protection or privacy requirements, you have the right to make a complaint to the data protection authority in the country where you usually live or work, or where an alleged infringement of applicable data protection laws has taken place. 

If you want to bring a specific complaint against Danone for the way your personal data has been processed or if you are not able to resolve a problem directly with us, you can raise a complaint directly with the UK Information Commissioner’s Office https://ico.org.uk/for-the-public.

UK Information Commissioner’s Office

Mailing Address: Wycliffe House Water Lane, Wilmslow, Cheshire SK9 5AF

Phone Numbers: +44 303 123 1113

Email Address: casework@ico.org.uk

You can also contact our Data Protection Officer directly at DPO.UKIE@danone.com.

How to contact us

If you have any questions, comments or complaints regarding this Privacy Statement or the processing of your personal data, please contact us via our contact page  or write to us at Data Protection Office, Nutricia Limited, Newmarket House, Newmarket Avenue, White Horse Business Park, Trowbridge, Wiltshire, BA14 0XQ.

You can also contact us via DPO.UKIE@danone.com .

Finally, you can contact our Group Data Protection Office via email at dpo.group@danone.com or write to us at Data Protection Office, Danone SA, 17 Boulevard Haussmann, 75009, Paris, France.

Changes to our privacy statement

We may update our Privacy Statement from time to time (for example, to comply with changes in laws or regulations, our practices, procedures and organizational structures, requirements imposed or recommended by supervisory authorities or otherwise). Any changes we make to our Privacy Statement in the future will be posted on this page and will be applicable on the effective date of implementation.  Where we are legally required to do so, we will notify you of any changes. Please check back frequently to see any updates or changes to our Privacy Statement.  

This Privacy Statement was last updated 8 June 2023.

x