Nestlé USA Privacy Notice

Effective: May 15, 2012

Last Updated: December 26, 2019

SCOPE OF THIS NOTICE

Please read this privacy notice ("Notice”) carefully to understand our policies and practices regarding your personal data and how we will treat it. This Notice applies to individuals who interact with Nestlé USA, Inc. services as consumers (“you”). This Notice explains how your personal data (which some jurisdictions may refer to as “personal information”) is collected, used, and disclosed by Nestlé, USA, Inc. and third parties acting on our behalf (collectively “Nestlé”, “We”, Us”). It also tells you how you can access and update your personal data and make certain choices about how your personal data is used.

This Notice covers both our online and offline data collection activities, including personal data that We collect through our various channels such as websites, apps, third-party social networks, consumer affairs, points of sale, and events where this policy is provided to you. Please note that We might combine personal data from different sources (website, offline event), including by combining personal data that were originally collected by different Nestlé entities or Nestlé partners. We also may combine data from third parties with data We already have.

In some instances, if you do not provide personal data to Us, We may not be able to provide you with certain goods and/or services. We will indicate to you when this is the case, for example, by stating so on our registration forms.

1. PERSONAL DATA THAT WE COLLECT ABOUT YOU

We collect various types of data from you, as described below.

Identifiers , including certain data defined as “personal information” in the California Customer Records law or as a protected classification under California or federal law. This data includes: Personal Contact Data : Any data you provide to Us that would allow Us to contact you, such as your name, postal address, e-mail address, social network details, or phone number.

, including certain data defined as “personal information” in the California Customer Records law or as a protected classification under California or federal law. This data includes: Account Login Data : Any data that is required to give you access to your specific account profile. Examples include your login ID/email address, screen name, password in unrecoverable form, and/or security question and answer.

: Any data that is required to give you access to your specific account profile. Examples include your login ID/email address, screen name, password in unrecoverable form, and/or security question and answer. Certain Data from Your Computer/Mobile Device : Data about the computer system or other technological device that you use to access one of our websites or apps, such as the Internet protocol (IP) address used to connect your computer or device to the Internet and other online identifiers. If you access a Nestlé website or app via a mobile device such as a smartphone, the collected data will also include, where permitted, your phone’s unique device ID, advertising ID, and other similar mobile device data.

: Data about the computer system or other technological device that you use to access one of our websites or apps, such as the Internet protocol (IP) address used to connect your computer or device to the Internet and other online identifiers. If you access a Nestlé website or app via a mobile device such as a smartphone, the collected data will also include, where permitted, your phone’s unique device ID, advertising ID, and other similar mobile device data. Payment and Financial Data : Any data that We need in order to fulfil an order, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if such are made available). In any case, We or our payment processing provider(s) handle payment and financial data in a manner compliant with applicable laws, regulations, and security standards such as PCI DSS.

: Any data that We need in order to fulfil an order, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if such are made available). In any case, We or our payment processing provider(s) handle payment and financial data in a manner compliant with applicable laws, regulations, and security standards such as PCI DSS. Demographic Data & Interests : Any data that describes your demographic or behavioural characteristics. Examples include your date of birth, age or age range, gender, geographic location (e.g., ZIP code), favorite products, hobbies and interests, and household or lifestyle data. This may include data about your health, medical conditions, nutrition, and exercise habits and goals. It may include data about your children’s genders, feeding styles, birthdates, or expected due dates. It may also include data about work status or professional credentials. In some cases, this could include data that you give Us about someone else. For example, if you provide a friend’s email address for a tell-a-friend program. It may also include data about your pets and pet preferences. If you are a health care professional, We may collect data about your practice.

: Any data that describes your demographic or behavioural characteristics. Examples include your date of birth, age or age range, gender, geographic location (e.g., ZIP code), favorite products, hobbies and interests, and household or lifestyle data. This may include data about your health, medical conditions, nutrition, and exercise habits and goals. It may include data about your children’s genders, feeding styles, birthdates, or expected due dates. It may also include data about work status or professional credentials. In some cases, this could include data that you give Us about someone else. For example, if you provide a friend’s email address for a tell-a-friend program. It may also include data about your pets and pet preferences. If you are a health care professional, We may collect data about your practice. Third-Party Social Network Data : Any data that you share publicly on a third-party social network or data that is part of your profile on a third-party social network (such as Facebook) and that you allow the third-party social network to share with Us. Examples include your basic account data (e.g., name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional data or activities that you permit the third-party social network to share. We receive your third-party social network profile data (or parts of it) every time you download or interact with a Nestlé web application on a third-party social network such as Facebook, every time you use a social networking feature that is integrated within a Nestlé site (such as Facebook Connect), or every time you interact with Us through a third-party social network. To learn more about how your data from a third-party social network is obtained by Nestlé, or to opt out of sharing such social network data, please visit the website of the relevant third-party social network.

We use this data for a number of purposes, such as (1) consumer service purposes, including responding to your inquiries; (2) to provide you with information about goods or services; (3) personalization, such as to analyse your preferences and habits, anticipate your needs, improve and personalise your experience on our websites and apps, provide you with targeted advertising and content, and allow you to participate in interactive features; (4) order fulfilment; and (5) other general business purposes, such as internal or market research, analytics, and security. To learn more about these uses, visit Section 4, below.

We disclose this data within the Nestlé S.A. family of companies, as well as with our service providers and third parties, as described in Section 5, below.

Internet or Other Similar Network Activity. This data includes websites and communication usage data. As you navigate through and interact with our websites/apps or emails, We use automatic data collection technologies to collect certain data about your device(s) and your actions. This includes data such as which links you click on, which pages or content you view and for how long, and other similar data and statistics about your interactions, such as content response times, download errors, and length of visits to certain pages, as well as operating system type and web browser type and version. This data is captured using automated technologies such as cookies and web beacons and is also collected through the use of third-party tracking for analytics and advertising purposes.

We use this data for a number of purposes, such as personalization and other general business purposes, like internal or market research, analytics, and security. To learn more about these uses, visit Section 4, below. We disclose this data within the Nestlé S.A. family of companies, as well as with our service providers and third parties, as described in Section 5, below.

Commercial Information. This data includes data described in the “Demographic Data & Interests” section above, data relating to your purchasing or consuming histories or tendencies, and the following:

Market Research & Consumer Feedback : Any information that you share with Us about your experience of using our products and services.

: Any information that you share with Us about your experience of using our products and services. Consumer-Generated Content : Any content that you create and then share with Us on third-party social networks or one of our websites or apps. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, We collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, and third-party social networking.

We use this data for a number of purposes, such as (1) consumer service purposes, including responding to your inquiries; (2) personalization, such as to analyse your preferences and habits, anticipate your needs, improve and personalise your experience on our websites and apps, provide you with targeted advertising and content, and allow you to participate in interactive features; (3) other general business purposes, such as internal or market research, analytics, and security. To learn more about these uses, visit Section 4, below.

We disclose this data within the Nestlé S.A. family of companies, as well as with our service providers and third parties, as described in Section 5, below.

Biometric Information . This data may include information about your health and medical conditions, as well as photos and videos that you share with us as consumer-generated content, as described above. This data is used and shared in the same way as the “Identifiers” and “Commercial Information” described above.

. This data may include information about your health and medical conditions, as well as photos and videos that you share with us as consumer-generated content, as described above. This data is used and shared in the same way as the “Identifiers” and “Commercial Information” described above. Geolocation Data . This data is used and shared in the same way as the “Identifiers” and “Commercial Information” described above.

. This data is used and shared in the same way as the “Identifiers” and “Commercial Information” described above. Audio, Electronic, Visual, or Similar Information . This data may include photos and videos that you share with us as consumer-generated content or via third-party social networks, as described above, as well as recordings of and information you provide during your conversations with consumer affairs. We may also visually record your interactions with our website, including your mouse clicks, movement, scrolling, and navigation through our website. This data is used and shared in the same way as the “Commercial Information” described above.

. This data may include photos and videos that you share with us as consumer-generated content or via third-party social networks, as described above, as well as recordings of and information you provide during your conversations with consumer affairs. We may also visually record your interactions with our website, including your mouse clicks, movement, scrolling, and navigation through our website. This data is used and shared in the same way as the “Commercial Information” described above. Inferences. We may draw inferences from the data We collect from and about you to create a profile reflecting your preferences, characteristics, and behaviour. We use this data for personalization and other general business purposes, such as internal or market research, analytics, and security. To learn more about these uses, visit Section 4, below. We disclose this data within the Nestlé S.A. family of companies, as well as with our service providers and third parties, as described in Section 5, below.

2. HOW WE COLLECT PERSONAL DATA ABOUT YOU

We collect personal data directly from you, when you choose to provide it to us . For example, We collect data when you place an order with us. We collect data when you register on one of our websites or apps. We collect data when you become a member of a loyalty program. We collect data when you sign up for our emails. We collect data from printed or digital registrations and similar forms that We collect via, for example, postal mail, in-store demos, contests, and other promotions or events. We collect data if you fill out a survey or use other tools on your websites or apps. We also collect data if you contact Us through our websites or apps, via email, or through social media.

We collect data from you passively . For example, We use tracking tools like browser cookies and web beacons. We do this on our websites and in emails that We send to you. We collect data about users over time when you use this website. This includes usage and browser data. We may have third parties collect data this way. We also collect data from our mobile apps.

We get data about you from other sources . For example, our affiliates and business partners may give Us data about you. We may receive data from companies who compile information about shoppers and their preferences. Social media platforms may also give Us data about you. We may get data about your interactions with our ads on third-party sites.

3. PERSONAL DATA OF CHILDREN

We do not knowingly solicit or collect personal data from children below the age of 13. If you are a parent or legal guardian and think that your child under 13 has given Us data, you can contact Us in writing or by email as provided below under the section titled CONTACT. Please mark your inquiries “COPPA Information Request.” We do not knowingly sell the personal data of minors under the age of 16 without affirmative authorization.

4. USES FOR YOUR PERSONAL DATA

The following paragraphs describe the various purposes for which We collect and use your personal data, and the different types of personal data that are collected for each purpose. Please note that not all of the uses below will be relevant to every individual.

Consumer service . We use your personal data for consumer service purposes, including responding to your inquiries. This typically requires the use of certain personal contact data and information regarding the reason for your inquiry (e.g., order status, technical issue, product question/complaint, general question, etc.).

Contests, marketing, and other promotions . We may use your personal data to provide you with information about goods or services (e.g., marketing communications or campaigns or promotions). This can be done via email, ads, SMS, phone calls, and postal mailings to the extent permitted by applicable laws. On occasion, these communications may also introduce you to other affiliated brands and partners and inform you about products, services, offers, and promotions from other companies and organizations. Some of our campaigns and promotions are run on third-party websites and/or social networks. For more information about our contests and other promotions, please see the official rules or details posted with each contest/promotion. We may use your friend’s email address to send them information you request through a “tell-a-friend” feature.

Third-party social networks . We use your personal data when you interact with third-party social networking features, such as “Like” functions, to serve you with advertisements and engage with you on third-party social networks. You can learn more about how these features work and the profile data that We obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third-party social networks.

Personalization . With your consent (where required), We may use your personal data (i) to analyse your preferences and habits, (ii) to anticipate your needs based on our analysis of your profile, (iii) to improve and personalise your experience on our websites and apps; (iv) to ensure that content from our websites/apps is optimised for you and for your computer or device; (v) to provide you with targeted advertising and content, and (vi) to allow you to participate in interactive features, when you choose to do so. For example, We remember your login ID/email address or screen name so that you can quickly login the next time you visit our site or so that you can easily retrieve the items you previously placed in your shopping cart. Based on this type of information, and with your consent (where required), We also show you specific Nestlé content or promotions that are tailored to your interests.

Order fulfilment . We use your personal data to process and ship your orders, inform you about the status of your orders, correct addresses, and conduct identity verification and other fraud detection activities. This involves the use of certain personal data and payment information.

Other general purposes (e.g. internal or market research, analytics, security) . In accordance with applicable laws, We use your personal data for other general business purposes, such as maintaining your account, conducting internal or market research and measuring the effectiveness of advertising campaigns. We reserve the right, if you have Nestlé accounts, to reconcile those accounts into one single account. We also use your personal data for management and operation of our communications, IT, and security systems.

5. DISCLOSURE OF YOUR PERSONAL DATA

The following paragraphs describe how We disclose your data.

The Nestlé S.A. family of companies . We may share data within the Nestlé S.A. family of companies, which includes all direct and indirect subsidiaries of parent company Nestlé S.A.

Service providers . We share data with our service providers. These are external companies that We use to help Us run our business (e.g., order fulfilment, payment processing, fraud detection and identity verification, website operation, market research companies, support services, promotions, website development, data analysis, CRC, etc.).

Credit reporting agencies/debt collectors . To the extent permitted by applicable law, credit reporting agencies and debt collectors are external companies that We use to help Us to verify your creditworthiness (in particular for orders with invoice) or to collect outstanding invoices.

Third party companies using personal data for their own purposes . We may share data with third parties, which they may use for their own purposes. This may include their own marketing purposes. They may send or provide you with offers for products or services that may interest you. We may also permit third parties to collect data about you on our websites or apps for their own purposes.

Sharing personal data for legal reasons or due to merger/acquisition . In the event that Nestlé or its assets are acquired by, or merged with, another company including through bankruptcy, We will share your personal data with any of our legal successors. We will also disclose your personal data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency; (iv) to protect our rights, privacy, safety, or property, or the public; or (v) to enforce the terms of any agreement or the terms of our website.

6. DATA PROTECTION AND RETENTION

We use reasonable and appropriate security measures as required by applicable law . The transmission of information via the Internet is, unfortunately, not completely secure, and despite our efforts to protect your personal data, We cannot guarantee the security of the data during transmission through our websites/apps. It is important that you also play a role in keeping your personal data safe and secure. When signing up for an online account, please be sure to choose an account password that would be difficult for others to guess and never reveal your password to anyone else. You are responsible for keeping this password confidential and for any use of your account. If you use a shared or public computer, never choose to have your login ID/email address or password remembered and make sure to log out of your account every time you leave the computer. You should also make use of any privacy settings or controls We provide you in our websites/apps.

Retention of personal data . We keep personal data as long as it is necessary or relevant for the practices described in this Notice. We also keep personal data as otherwise required by law.

7. YOUR CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR PERSONAL DATA

We strive to provide you with choices regarding the personal data that you provide to Us. The following mechanisms give you the following control over your personal data:

Advertising, marketing, and promotions . You can opt out of marketing emails by following the instructions provided in each such communication. Please note that even if you opt out from receiving marketing communications, you will still receive administrative communications from Us, such as order or other transaction confirmations, notifications about your account activities (e.g., account confirmations, password changes, etc.), and other important non-marketing-related announcements.

Cookies, tracking tools, and targeted advertising . We and the service providers and third parties with whom We work use several common tracking tools, including cookies, web beacons, flash cookies, and similar technologies, for a variety of reasons. These reasons include (1) recognizing new or past customers; (2) storing passwords for registered users; (3) improving our websites and apps; (4) understanding the interests of our customers and website visitors; and (5) personalizing your experience, including by serving you with advertising content in which We think you will be interested (also known as interest-based advertising).

You can control certain tracking tools . Your browser may give you the ability to control cookies. How you do so depends on the type of cookie. Certain browsers can be set to reject browser cookies. To control flash cookies, which We may use on certain websites from time to time, you can go to Macromedia’s Global Security Setting panel.

Our Do Not Track Policy. Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. We do not currently respond to those signals. If you block cookies, certain features on our sites may not work. If you block or reject cookies, not all of the tracking described here will stop.

Certain options you select are browser and device specific.

You can opt out of behavioral advertising by participating companies . To opt out of having you online behavior recorded and used for advertising purposes by participating companies, please visit the Digital Advertising Alliance’s (“DAA”) Consumer Choice Tool for Web. The DAA also offers a tool for opting out of the collection of cross-app data on a mobile device for interest-based advertising. To exercise choice for companies participating in this tool, download the AppChoices app.

Certain choices you make are both browser and device-specific.

8. THIRD-PARTY WEBSITES AND SERVICES

We may link to third-party websites or apps, including social media platforms. This Notice does not apply to, and We are not responsible for, the privacy practices of these third-party websites or apps. Please read their privacy policies carefully.

Our websites or apps may also include third-party content that collects data. This includes data collected by cookies, pixels, or other tracking tools. We do not control these third parties or their tracking tools.

9. YOUR CALIFORNIA PRIVACY RIGHTS

California residents may also take advantage of the following rights:

Access . You may request, up to two times each year, that We disclose to you the personal data (i.e., “personal information,” as the California Consumer Privacy Act (“CCPA”) defines the term) that We collect, use, disclose, and sell about you. In response to a verified request, We will provide (1) the categories and specific pieces of personal data that we have collected, (2) the categories of sources from which that data is collected, (3) the business or commercial purpose for collecting it, (4) the categories of third parties with whom We shared (including sold, as applicable) that data, and (5) the business or commercial purpose for sharing (including selling, as applicable) that data.

You may request, up to two times each year, that We disclose to you the personal data (i.e., “personal information,” as the California Consumer Privacy Act (“CCPA”) defines the term) that We collect, use, disclose, and sell about you. In response to a verified request, We will provide (1) the categories and specific pieces of personal data that we have collected, (2) the categories of sources from which that data is collected, (3) the business or commercial purpose for collecting it, (4) the categories of third parties with whom We shared (including sold, as applicable) that data, and (5) the business or commercial purpose for sharing (including selling, as applicable) that data. Delete . You may request that We delete any personal data that We have collected from or about you. Note that there are some reasons we will not be able to fully address your request, such as if We need to complete a transaction for you, to detect and protect against fraudulent and illegal activity, to exercise our rights, to use the data for solely internal purposes, or to comply with a legal obligation.

You may request that We delete any personal data that We have collected from or about you. Note that there are some reasons we will not be able to fully address your request, such as if We need to complete a transaction for you, to detect and protect against fraudulent and illegal activity, to exercise our rights, to use the data for solely internal purposes, or to comply with a legal obligation. Sale Opt-Out (if applicable). If We disclose your personal data to third parties for their direct marketing purposes, you may opt out of such disclosure. To effect the opt out, please click on the Do Not Sell My Personal Information link in the website footer or contact us as instructed below.

To take advantage of any of these rights, or if you have any questions or concerns, please contact us at nestleconsumerprivacy@us.nestle.com or 800-225-2270. For verification purposes, We may request your first and last name, email address and any email address You may have used when registering with Nestlé USA, Inc., phone number including any other phone number used at registration, and a physical mailing address. If someone else will be making the request on your behalf, please provide a notarized letter that verifies that individual’s identity and authorizes him/her to make this request on your behalf. Please mail the notarized letter at the address provided below in Section 11 Contacts. We value your privacy and will not discriminate in response to your exercise of your privacy rights. We will respond to your access or deletion request within 45 days of receipt of your request, after proper verification, unless we need additional time, in which case we will let you know. We will honor your sale opt-out request within 15 days.

10. CHANGES TO THIS NOTICE

If We change the way We handle your personal data, We will update this Notice. We reserve the right to make changes to our practices and this Notice at any time; please check back frequently to see if there have been any updates or changes to our Notice.

11. CONTACT

To contact us about this Notice and/or our privacy practices, please contact Us at nestleconsumerprivacy@us.nestle.com, 1812 N. Moore Street, Arlington, VA 22209, or 800-225-2270.