Nutricia Limited with its address at Newmarket Avenue, Whitehorse Business Park, Trowbridge, Wiltshire BA14 0X, England knows that you care how your personal data is used and we recognize the importance of protecting your privacy.
This Privacy Policy explains how Nutricia Limited (“Nutricia”, “we”, “our”, “us”) acting as Data Controller collects and manages your personal data. It contains information on the data we collect, how we use it, why we need it and how it can benefit you. This is our Privacy Policy for healthcare professionals (“HCPs”). If you are a consumer, patient or carer please click here to see the privacy notice relevant to you.
Contact us at Data Protection Officer, Newmarket Avenue, Whitehorse Business Park, Trowbridge, Wiltshire BA14 0X, England or click here if you have any queries and comments, or if you want to make a request regarding any of your data subject rights.
This Privacy Policy was last updated on 16 September 2021.
Nutricia is committed to protecting your right to privacy. We aim to protect any personal data we hold, to manage your personal data in a responsible way and to be transparent in our practices. Your trust is important to us. We have, for the purposes of complying with our legal obligations to you, committed ourselves to the following basic principles:
By personal data, we refer to any information about a person from which that person can be identified. This does not include data for which the identity has been deleted (anonymous data).
The personal data we collect varies depending upon the purpose of the collection, how you interact with us (for example online, offline or over the phone) and the product or service we are providing you.
Nutricia collects and uses some or all of the following categories of personal data for the purposes described in this Privacy Policy:
We collect your personal data directly from you via the following sources, this collection includes when:
We may also collect personal data about you indirectly when:
a) you share content on social media pages, websites or applications related to our products or services or in response to our promotional material on social media;
b) we may collect personal data about you from information collected by other third party websites (for instance, we may place an ad on a third party website, and when you click on that ad, we may receive information about you and other website visitors in order to measure the reach and success of that ad);
c) we may collect data about when you open and/ or click on a link in a Nutricia email. This allows us to see how well our communications with you are performing;
d) you provide a reference to us and we contact that person for information about you;
e) a patient of yours provides your name and details to us;
f) we may collect information about you which is available from publicly available sources such as UK Medical Directories or if you have published an article in an academic journal; or
g) we may collect professional details made available by third party healthcare database providers or event/conference organisers; or third party providers such as OneKey (which is a provider of a worldwide healthcare professional’s database).
We may combine this data with information we already hold about you. We may process this information for the purposes described below under the legal grounds of legitimate interests.
We collect your personal data so we can perform any contract we have with you; provide you with the best online experience and to provide you with a high quality of customer service.
We collect, hold, use and disclose your personal data for the following purposes:
a. Customer service
We use your personal data:
The legal basis for processing your data for this purpose is:
b. E-learning management
We use your personal data:
The legal basis for processing your data for this purpose is:
c. Communications, personalisation and marketing
We use your personal data:
The legal basis for processing your data for this purpose is:
d. Development and enhancement of our products, services, events, communication methods and the functionality of our websites:
We use your personal data:
The legal basis for processing your data for this purpose is:
We may also need your personal data to comply with legal obligations to you, your patients for example payment disclosures (transfer of value) where appropriate, or in the context of a contractual relationship that we have with you.
When we collect and use your personal data on the legal basis of our legitimate interests, we believe the risk to your data protection rights in connection with personal data is not excessive or overly intrusive. We have also put in place protections for your rights by ensuring proper retention periods and security controls.
When we collect and use your personal data for new purposes, we will inform you before or at the time of collection unless we reasonably consider that we need to use your personal data for another reason and that reason is compatible with the original purpose of collection as detailed above.
Where legally required to do so or where appropriate, we will ask for your consent to process the personal data. Where you have given consent for processing activities, you have the right to withdraw your consent at any time by informing us of your decision. If you wish to withdraw your consent, please contact us via this link.
Marketing
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. Where legally required to do so or where appropriate, we will ask for your consent to process your personal data for marketing purposes, otherwise we may rely on legitimate interests to process your personal data collected in a professional capacity for our marketing purposes.
Where you have given your consent to do so, we may share your personal data with a named third-party organisation for them to supply you with marketing materials. We will always obtain your opt-in consent before we share your personal data with any named third party for marketing purposes.
Opting out
You can ask us or our third parties to stop sending you marketing messages at any time by visiting the update my details page and changing your preferences on your Nutricia account (if you have an account with us), or by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving marketing messages, this will not apply to service or transactional messages e.g communications related to product/service purchases or requests, product/service experience, or communications that contain content that we are legally or contractually obliged to inform you of for example product recalls or safety notifications.
Where we process your personal data, you are entitled to a number of rights and can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. Should you want to exercise your rights, please contact us via this link. If you have a Nutricia.co.uk account, you can also change your preferences any time by visiting and update my profile page.
Some of these rights only apply in certain circumstances and so are not guaranteed or absolute rights. Please contact our Data Protection Officer if you have any questions about your rights.
The right to access your personal data and correction
You have the right to access, correct or update your personal data at any time. We understand the importance of this and should you want to exercise your rights, please contact us via this link.
The right to data portability
Your personal data is portable. This means it can be moved, copied or transmitted electronically. However, this right only applies where:
a) The processing is based on your consent;
b) The processing takes place for the performance of a contract;
c) The processing takes place by automated means
If you wish to exercise your right to data portability, please contact us via this link.
The right to deletion of your personal data
You have the right to request that we delete your data if:
a) your personal data is no longer necessary in relation to the purposes for which we collected it; or
b) you withdraw the consent that you had previously given us to process your personal data, and there is no other legal ground to process that personal data; or
c) you object to us processing your personal data for direct marketing purposes; or
d) you object to us processing your personal data for Nutricia’s legitimate interests (such as improving overall user experience on websites);
e) the personal data is not being processed lawfully; or
f) your personal data needs to be deleted to comply with the law.
If you wish to delete the personal data we hold about you, please contact us via this link. Alternatively, you can contact the Resource Centre during office hours Monday to Thursday 9am – 5pm and Friday 9am – 4pm by calling 01225751098. We will respond to your request in accordance with our legal requirements.
If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will delete, destroy or permanently anonymise it. This is discussed in further detail below.
The right to restriction of processing
You have the right to restrict the processing of your personal data if:
a) you do not believe the personal data we have about you is accurate; or
b) the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or
c) we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims; or
d) you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data. If you wish to restrict our processing of your personal data, please contact us via this link and we will respond to your request in accordance with our legal requirements.
The right to object
You have the right to object to the processing of your personal data at any time. Please contact us via this link.
The right to withdraw consent
Where legally required to do we will ask for your consent to process the personal data. When we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior to this withdrawal. If you wish to withdraw your consent, please contact us via this link.
The right to lodge a complaint with a supervisory authority
While we would be grateful if you lodged any complaints with us, you have the right to lodge a complaint directly with the Information Commissioner’s Office about how we process personal data.
For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact the Information Commissioner’s Office at:
Mailing Address: Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF
Phone Number: +44 303 123 1113
Email Address: casework@ico.org.uk
You can also contact our Data Protection Officer directly at DPO.UKIE@danone.com.
We understand that the security of your personal data is important. We make our best efforts to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. We have implemented a number of security measures to help protect your personal data. For example, we implement access controls, use firewalls and secure servers, and we encrypt personal data.
We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.
When we share your personal data with affiliates of Nutricia Limited and other organizations as described below, we make sure we only do so with organizations that safeguard and protect your personal data and comply with applicable privacy laws in the same or similar way that we do.
Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Policy. We may, however, share your data when required by law and/or government authorities.
Trusted third parties may assist us in providing specific services or functions on our behalf, such as IT services, both internal and external. This includes platform providers, hosting services, maintenance and support on our website as well as on our software and applications that may contain data about you, or to perform on our behalf the statistical analyses associated with the use of the website, apps or e-learning platforms.
Your personal data will be shared with the following third parties for the purposes described:
Category of third parties | Data type | Purposes |
---|---|---|
External Processors | ||
Adobe Audience Manager | Non-identifying Nutricia website membership data | To show you products and services appropriate to topics of interest. |
Online behavioural data | To allow Nutricia to see how well adverts perform on our website. | |
Commerce Tools (ecommerce platform) | HCP name, email and address, product ordered. Patient name and address. | To allow the order and delivery of requested product samples. |
Behavioural data | To allow Nutricia to see how well adverts perform. Retargeting for the purpose of advertising to users who have been on the website. | |
Google Analytics | Anonymised membership data | To analyse user behaviours on a website and email the allow us to enhance your experience. |
Adobe Analytics | Anonymised membership data | Analyse user behaviours on a website and email the allow us to enhance your experience. Retargeting for the purpose of advertising to users who have been on the website. |
Adobe Campaign | Name, email address, areas of interest | To provide you with newsletters and other marketing communications relating to our business which we think may be of interest to you by email. |
One Key Database | HCP name, speciality, work address and relevant NHS Trust, product ordered and OneKey ID. | For the management of your online account, internal reporting and deployment of sales reps. |
CRM | HCP name and work address, email, areas of interests, products ordered, events and webinars attended, consents | For the creation and management of your Nutricia profile whereby we can identify products, events or services that may be of interest to you, manage consents and perform internal reporting. |
Logistic companies e.g Ceva logistics | Patient/HCP/ Carer/Consumer name, address and product ordered | For the delivery of required product samples. |
MPS mailing house | Name, postal address | Sending hard copy communications. |
Wavecast Ltd. | Name, Email Address, areas of interest, place of work and role. | To support with registration to Nutricia webinars. |
Hi5 Events. | Name, Email Address, areas of interest, place of work and role. | To support with registration to Nutricia digital events. |
Other Event Management Providers | Name, email, telephone, areas of interest, place of work and role, dietary requirements | To support with registrations and organise and manage digital and/or in person events on our behalf. |
Vendor Management Platform | Name, business or personal email, business or personal phone number, payment/billing information | To process payments for services provided e.g performing as a quest speaker at a Nutricia event. |
Survey & Market Research Providers | Professional and contact details such as name, email title role & your responses | To gather feedback, gain insights on our services and/or products. |
Internal Processors | ||
Other Nutricia / Danone internal teams | Personal contact data (email, phone number, address and name) | To process, handle and respond to complaints and queries or where we reasonably need to do so. |
If we decide to reorganise or to sell our business or our company, directly or indirectly through a sale, merger, or acquisition, we may share your personal data with actual or prospective purchasers of the business, or of our company. We will require that any such purchasers treat your personal data consistently with this Privacy Policy.
Personal data may be processed outside the UK. When processed outside the UK, Nutricia will make sure that this cross-border data processing is protected by adequate safeguards.
The safeguards that we use to protect cross-border data processing comprise of:
a) Standard Contractual Clauses approved by European Commission and approved for use in the UK. These standardized contractual clauses provide sufficient safeguards to meet the adequacy and security requirements of the European General Data Protection Regulation and UK General Data Protection Regulation; or
b) Certifications which demonstrate that third parties outside of the UK or EEA process personal data in a way that is consistent with the European General Data Protection Regulation and UK General Data Protection Regulation. These certifications are approved either by the European Commission, a competent supervisory authority or a competent national accreditation body in terms of General Data Protection Regulation.
c) An adequacy decision whereby we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
We may share your personal data with other Danone subsidiaries as detailed above. This may involve transferring your data outside the UK to our EU based entities. This transfer will be protected by using one of the safeguards as detailed above.
We may also process your personal data to predict your behaviour on our website and show you content or products that may be of interest to you. We may also use your data to send tailored communications via email and direct mail, where you have consented or where we assessed that we have a legitimate interest to do so.
When we send or display personalised communications, content, we may use some techniques qualified as “profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s personal preferences, interests, professional experience, economic situation, behaviour, location, reliability, or movements). This means that we may collect personal data about you in the different scenarios mentioned above. We centralise this data and analyse it to evaluate and predict your personal preferences and/or interests, to help us understand engagement and to create relevant content that may be of interest to you. Based on our analysis, we send or display communications and/or content tailored to your interests. You have the right to object to the use of your data for “profiling” in certain circumstances.
We confirm that you will not be subject to a decision based solely on automated decision-making, including profiling which produces legal effects, or which will significantly affect you. If we intend to make use of such methods, we will inform you and we will give you an opportunity to object to these processes in advance. You are also free to contact us for further information on such processing or to change your mind in relation to this type of processing. Please contact us via this link for further information on such processing.
We will only retain your personal data for the minimum time necessary to achieve the purposes for which we collected it as set out in this Privacy Policy, including to comply with any legal, regulatory, tax, accounting or reporting requirements.
Your personal data will also be retained for the duration of your contractual relationship with us, including where we maintain an ongoing relationship with you (for example where you have consented to marketing communications and have not unsubscribed from our mailing lists).
HCP details are stored for 3 years in Gigya and then moved to Gigya's consent vault for a further 7 years before being full deleted. This consent vault is a redacted, read only version of the record which can only be accessed in a compliance view. Records cannot move from the vault back to an active status. Patient data is stored in CommerceTools for 90 days before being fully deleted.
To determine the appropriate retention period for personal data, we take into account the quantity, nature and sensitivity of personal data, the potential risk of harm resulting from the unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the possibility of attaining those purposes by other means, as well as the applicable legal, regulatory, tax, accounting or other requirements.
After the established deadlines, the data is either deleted or retained after being anonymized, especially for statistical purposes. It may be retained in case of pre-litigation and litigation. It should be noted that deletion or anonymization are irreversible operations, and that Nutricia is no longer able, thereafter, to restore this data.
We may also collect personal data about you through the use of cookies and other technologies. This may occur when you visit our sites or third-party sites, view our online content, or use our/third-party mobile applications and may include the following information:
a) Information about your device browser and operating system
b) The IP address , device ID and Mac ID of the device you are using
c) Web pages of ours that you view
d) Adverts you view
e) Links that you click while interactive with our services, and emails you open
f) Time and date of activity
Please see our cookie policy for more information on this link.
We will hold and process your personal data in accordance with the UK Data Protection Act 2018 and the UK General Data Protection Regulation.
This notice was last updated on 3 September 2021. We reserve the right to change this notice at any time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise). Changes to this notice shall be applicable on the effective date of implementation. Please refer to our website for the latest version of this notice. We will also communicate any changes to you, where we are legally required to do so.
If you have any questions, comments or complaints regarding this Privacy Policy or the processing of your personal data, please contact us via this link or write to us at:
Data Protection Officer, Nutricia Limited, Newmarket Avenue, Whitehorse Business Park, Trowbridge, Wiltshire BA14 0X, England
You can also contact our Data Protection Officer directly via email at: DPO.UKIE@danone.com.