Consumer privacy

   

We regard privacy as a human right and are fully committed to protecting personal data and keeping consumers, employees and other stakeholders fully informed about how this data is processed. Our approach includes having a clear, robust policy in place and engaging closely with the industry.

At a glance

  • Our approach is founded on our Internal Privacy Policy, which features six key principles that all employees and contractors of Nestlé companies must comply with when processing personal data;
  • In 2013, we completed privacy compliance assessments on many of our websites; and
  • We’re also working with our key technology partners to decide exactly how personal data should – and should not – be used in marketing activities.

What we’re doing

  • Our Internal Privacy Policy, set by Group Compliance, sets out the privacy strategy and features six key principles that all employees and contractors of Nestlé companies must comply with when processing personal data. Such data must:

    • Only be processed for specific and legitimate business purposes;
    • Be processed fairly and lawfully;
    • Be properly managed;
    • Be protected against unauthorised processing and damage;
    • Be accessible when in the form of data collections; and
    • Not be transferred to third parties or other countries without adequate safeguards.

    Nestlé’s Group Data Protection Office verifies compliance with our Privacy Policy, and provides advice, assistance and guidance to other departments on its implementation. When it comes to processing sensitive personal data, further restrictions apply.

  • From the detailed consumer privacy audits we have completed in our IT operations and in selected markets, we identified inconsistencies in the way we inform consumers of their privacy rights. We have therefore decided to simplify and clarify our privacy notices across our large number of digital assets.

    We have also renewed our internal Digital Privacy and Hosting standards to provide better security assurances to our consumers. Our Group Information Systems/Information Technology security committee, which meets quarterly, oversees data management.

  • The global privacy landscape is constantly changing. With this in mind, we closely monitor changes in the regulatory environment and come up with scalable solutions that meet our consumers’ expectations.

    We’re also working with our key technology partners to decide exactly how personal data should – and should not – be used in marketing activities. We believe that, if in doubt, we should always presume that consumers would prefer privacy.


Next steps

We will continue to engage with the industry, and with our stakeholders, to make sure we are at the forefront of changes in the regulatory environment. A key focus is our work towards obtaining ISO 27001 certification for our consumer relationship management systems. ISO 27001 is the best practice specification that helps businesses and organisations throughout the world to develop an information security management system.

Our long-term goal is to make privacy part of everyone’s mind-set, rather than the responsibility of a specific individual or group.

