This Notice applies to Personal Data that We collect from or about you, through the methods described below (see Section 2), from the following sources:

Nespresso websites.Websites operated by or for Nespresso, including sites that We operate under our own domains/URLs and mini-sites that We run on third party social networks such as Facebook ("Websites").

E-mail, text and other electronic messages. Electronic communications between you and Nespresso.

Nespresso CRC. Calls to our Customer Relationship Centers (“CRC”).

Nespresso Boutiques. Stores managed by Nespresso.

Offline registration forms. Printed registration and similar forms that We collect via, for example, postal mail, in-store demos, contests and other promotions, or events.

Points of Sales. Demonstrators present in physical third party stores to assist you with the registering of your machine and coffee ordering.

Data from other sources. Third party social networks (e.g. such as Facebook, Google) or market researches (if feedback not provided on an anonymous basis).

Telemetry Data. We may collect certain data captured by Nespresso coffee machines that are connected to wifi. Examples include the machine Serial Number, machine alerts or errors, and the type of coffees prepared by consumers, with the respective date and time.

Depending on how you interact with Nespresso (online, offline, over the phone, etc.), We collect various types of information from you, as described below.

Personal contact information. This includes any information you provide to Us that would allow Us to contact you, such as your name, postal address, e-mail address, social network details, or phone number.

Account login information. Any information that is required to give you access to your specific account profile. Examples include your login email address, screen name and password in unrecoverable form

Demographic information & interests. Any information that describes your demographic or behavioural characteristics. Examples include your date of birth, age or age range, gender, geographic location (e.g. postcode/zip code), favorite products, hobbies and interests, and household or lifestyle information.

Technical information about computer/mobile device. Any information about the computer system or other technological device that you use to access one of our Websites or such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access a Nespresso website or app via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data.

Websites/communication usage information. As you navigate through and interact with our Websites or newsletters, We use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is captured using automated technologies such as cookies (browser cookies, flash cookies) and web beacons, and is also collected through the use of third party tracking. You have the right to object to the use of such technologies, for further details please see Section 3.

Email. We analyze your interactions with our content (e.g. click through rate, the opening of email) to provide you with personalized information based on your interests and preferences.

Market research & consumer feedback. This includes information that you voluntarily share with Us about your experience of using our products and services.

Consumer-generated content. This refers to any content that you create and then share with Us on third party social networks or by uploading it to one of our Websites or including the use of third party social network apps such as Facebook. Examples include photos, videos, personal stories, or other similar media or content and posts or PM you can leave on Nespresso social media pages. Where permitted, We collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, and third party social networking.

Third party social network information. This refers to any information that you share publicly on a third party social network or information that is part of your profile on a third party social network (such as Facebook) and that you allow the third party social network to share with Us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share. We receive your third party social network profile information (or parts of it) every time you download or interact with a Nespresso web application on a third party social network such as Facebook, every time you use a social networking feature that is integrated within a Nespresso site (such as Facebook Connect) or every time you interact with Us through a third party social network. To learn more about how your information from a third party social network is obtained by Nespresso, or to opt-out of sharing such social network information, please visit the website of the relevant third party social network.

Payment and Financial information. Any information that We need in order to fulfil an order, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if such are made available). In any case, We or our payment processing provider(s) handle payment and financial information in a manner compliant with applicable laws, regulations and security standards such as PCI DSS.

Calls to CRC. Communications with a CRC will be recorded or listened into, in accordance with applicable laws, for local operational needs (e.g. for quality or training purposes). Payment card details are not recorded. Where required by law, you will be informed about such recording at the beginning of your call.

Cookies/Similar Technologies. Please see our Cookie Notice to learn how you can manage your cookie settings and for detailed information on the cookies We use and the purposes for which We use them.

Log Files. We collect information in the form of log files that record website activity and gather statistics about your browsing habits. These entries are generated automatically, and help Us to troubleshoot errors, improve performance and maintain the security of our Websites.

Web Beacons. Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to Us. The information collected via web beacons will include information such as IP Address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, which links you click on in the email, etc.). We will use web beacons on our Websites or include them in e-mails that We send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalisation.

The following paragraphs describe the various purposes for which We collect and use your Personal Data, and the different types of Personal Data that are collected for each purpose. Please note that not all of the uses below will be relevant to every individual.

Customer service. We use your Personal Data for customer service purposes, including responding to your enquiries. This typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. order status, technical issue, product question/complaint (relayed via our communication channels or social media for instance), general question, etc.).

Legal basis for processing:

• Fulfilling contractual obligations
• Legal obligations
• Our legitimate interests

Our legitimate interests:

• Improving and developing new products and services
• Being more efficient

Contests, marketing and other promotions. With your consent (where required), We use your Personal Data to provide you with information about goods or services (e.g. marketing communications or campaigns or promotions). This can be done via means such as email, ads, SMS, phone calls and postal mailings to the extent permitted by applicable laws. Some of our campaigns and promotions are run on third party websites and/or social networks. This use of your Personal Data is voluntary, which means that you can oppose (or withdraw your consent in certain countries) to the processing of your Personal Data for this purposes.

For detailed information on how to modify your preferences about marketing communication, please see Sections 8 and 9 below. For more information about our contests and other promotions, please see the official rules or details posted with each contest/promotion.

Legal basis for processing:

• With your consent (where required)
• Fulfilling contractual obligations
• Our legitimate interests

Our legitimate interests:

• Working out which of our products and services may interest you and telling you about them
• Defining types of customers for new products or services

Third party social networks: We use your Personal Data when you interact with third party social networking features, such as “Like” functions to serve you with advertisements and engage with you on third party social networks. You can learn more about how these features work, the profile data that We obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third party social networks.

Personalisation (offline and online): With your consent (where required), We use your Personal Data (i) to analyse your preferences and habits, (ii) to anticipate your needs based on our analysis of your profile, (iii) to improve and personalise your experience on our Websites; (iv) to ensure that content from our Websites is optimised for you and for your computer or device; (v) to provide you with targeted advertising and content, and (vi) to allow you to participate in interactive features, when you choose to do so. For example, We remember your login ID/email address or screen name so that you can quickly login the next time you visit our site or so that you can easily retrieve the items you previously placed in your shopping cart. Based on this type of information, and with your consent (where required), We also show you specific Nespresso content or promotions that are tailored to your interests. The use of your Personal Data is voluntary, which means that you can oppose the processing of your Personal Data for this purpose. For detailed information on how to opt-out please refer to Section 8 below.

Legal basis for processing:

• With your consent (where required)
• Our legitimate interests

Our legitimate interests:

• Working out which of our products and services may interest you and telling you about them
• Defining types of customers for new products or services

Order fulfillment: We use your Personal Data to process and ship your orders, inform you about the status of your orders, correct addresses and conduct identity verification and other fraud detection activities. This involves the use of certain Personal Data and payment information.

Legal basis for processing:

• Fulfilling contractual obligations

Other general purposes (e.g. internal or market research, analytic, security): In accordance with applicable laws, We use your Personal Data for other general business purposes, such as conducting internal or market research and measuring the effectiveness of advertising campaigns. We reserve the right, should you have Club Member accounts, to reconcile those accounts into one single account. We also use your Personal Data to ensure our security.

Legal basis for processing:

• Fulfilling contractual obligations
• With your consent (where required)
• Our legitimate interests

Our legitimate interests:

• Improving and developing new products and services
• Being more efficient
• Protect our assets and staff

Legal reasons or merger/acquisition: In the event that Nespresso or its assets are acquired by, or merged with, another company including through bankruptcy, we will share your Personal Data with any of our legal successors. We will also disclose your Personal Data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement or the terms of our Website.

Legal basis for processing:

• Legal obligations
• Our legitimate interests

Our legitimate interests:

• Compliance with legal obligations
• Protect our assets and staff

In addition to the Nespresso/Nestlé entities or ad-hoc in-country partners (in charge of Nespresso operations) mentioned in the data controllers & contact section (see Section 11), We may share you Personal Data with the following types of third party organisation:

Service providers. These are external companies that We use to help Us run our business (e.g. order fulfilment, payment processing, fraud detection and identity verification, website operation, market research companies, support services, promotions, website development, data analysis, CRC, etc.). Service providers, and their selected staff, are only allowed to process your Personal Data on Our behalf for the specific tasks that they’ve been requested to carry out, based on our instructions, and are required to keep your Personal Data confidential and secure. We take care of the agreements required by data protection legislation with the service providers we use in processing Personal Data. You can obtain a list of the providers processing your Personal Data (see Section 11 to contact Us).

Credit reporting agencies/debt collectors. To the extent permitted by applicable law, credit reporting agencies and debt collectors are external companies that We use to help Us to verify your creditworthiness (in particular for orders with invoice) or to collect outstanding invoices.

Third party companies using Personal Data for their own marketing purposes. Except in situations where you have given your consent, We do not license or sell your Personal Data to third party companies for their own marketing purposes. Their identity will be disclosed at the time your consent is sought.

Third party recipients using Personal Data for legal reasons or due to merger/acquisition. We will disclose your Personal Data to third parties for legal reasons or in the context of an acquisition or a merger (see Section 4 for details).

In accordance with applicable laws, We will use your Personal Data for as long as necessary to satisfy the purposes for which your Personal Data was collected (as described in Section 4 above) or to comply with applicable legal requirements.

Personal data used to provide you with a personalized experience (see Section 4 above for details) will be kept for a duration permitted by applicable laws.  Google analytics stores data for 26 months from the date of data collection.

We use a variety of reasonable measures (described below) to keep your Personal Data confidential and secure. Please note, however, that these protections do not apply to information you choose to share in public areas such as third party social networks.

People who can access your Personal Data. Your Personal Data will be processed by our authorised staff or agents, on a need-to-know basis, depending on the specific purposes for which your Personal Data have been collected (e.g. our staff in charge of customer care matters will have access to your customer record).

Measures taken in operating environments. We store your Personal Data in operating environments that use reasonable security measures to prevent unauthorised access. We follow reasonable standards to protect Personal Data. The transmission of information via the Internet is, unfortunately, not completely secure and although We will do our best to protect your Personal Data, We cannot guarantee the security of the data during transmission through our Websites.

Measures We expect you to take. It is important that you also play a role in keeping your Personal Data safe and secure. When signing up for an online account, please be sure to choose an account password that would be difficult for others to guess and never reveal your password to anyone else. You are responsible for keeping this password confidential and for any use of your account. If you use a shared or public computer, never choose to have your login ID/email address or password remembered and make sure to log out of your account every time you leave the computer. You should also make use of any privacy settings or controls We provide you in our Website.

Transfer of your Personal Data. The storage as well as the processing of your Personal Data as described above require that your Personal Data are ultimately transferred/transmitted to, and/or stored at, a destination outside of your country of residence, notably Switzerland and Luxembourg. We will also transfer your Personal Data to countries outside the European Economic Area (“EEA”) (e.g. other Nespresso/Nestlé entities or ad-hoc in-country partners) including to countries which have different data protection standards to those which apply in the EEA. We have put in place European Commission approved standard contractual clauses to protect your Personal Data (and you have a right to ask Us for a copy of these clauses(by contacting Us as set out below).

Access to Personal Data. You, have the right to access, review and request a physical or electronic copy of information held about you. You also have the right to request information on the source of your Personal Data.

The right to inspect and the right to demand correction of information: Data subject has the right to check their Personal Data stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If necessary, the controller can ask the data subject to prove his/her identity. The controller responds to the data subject within the time stipulated in the EU data protection regulation. 

Additional rights (e.g. modification, deletion of Personal Data). Where provided by law, you can (i) request deletion, the portability, rectification of your Personal Data; (ii) oppose the data processing; (iii) restrict the use and disclosure of your Personal Data; and (iv) withdraw consent to those of our data processing activities which are based on the consent.

Please note that, in certain circumstances, We will not be able to delete your Personal Data without also deleting your user account. We may be required to retain some of your Personal Data after you have requested deletion, to satisfy our legal or contractual obligations. We may also be permitted by applicable laws to retain some of your Personal Data to satisfy our business needs.

Where available, our Websites have a dedicated feature through which you can review and edit the Personal Data that you have provided. Please note that We require our registered consumers to verify their identity (e.g. login ID/email address, password) before they can access or make changes to their account information. This helps prevent unauthorised access to your account.

These rights can be exercised by sending Us a message on our website under the "Contact Us" section or writing to us at Perroy Fi Oy, Itämerenkatu 1, 00180 Helsinki. The identity of the person making the request can be verified before the request is processed. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.

Please note that any identification information provided to Us will only be processed in accordance with, and to the extent permitted by applicable laws.

We hope that We can satisfy queries you may have about the way we process your Personal Data. However, if you have unresolved concerns, you also have the right to complain to competent data protection authorities.

We strive to provide you with choices regarding the Personal Data that you provide to Us. The following mechanisms give you the following control over your Personal Data:

Cookies/Similar Technologies. You manage your consent via (i) our consent management solution or (ii) your browser so as to refuse all or some cookies/similar technologies, or to alert you when they are being used. Please see Section 3 above.

Advertising, marketing and promotions. If you wish to have your Personal Data used by Nespresso to promote its products or services, you can indicate so through the relevant tickbox(es) located on the registration form or by answering the question(s) presented by our Trade demonstrators, CRC or boutique representatives. If you decide that you no longer wish to receive such communications, you can subsequently unsubscribe from receiving marketing-related communications at any time, by following the instructions provided in each such communication. To opt-out of marketing communications sent by any medium, including third party social networks, you can opt-out at any time by logging into the Websites or third party social networks and adjusting your user preferences in your account profile by unchecking the relevant boxes or by calling our CRC. Please note that, even if you opt-out from receiving marketing communications, you will still receive administrative communications from Us, such as order or other transaction confirmations, notifications about your account activities (e.g. account confirmations, password changes, etc.), and other important non marketing related announcements.

Personalization (offline and online). Where required by law, if you wish to have your Personal Data used by Nespresso to provide you with a personalized experience/targeted advertising & content, you can indicate so through the relevant tickbox(es) located on the registration form or by answering the question(s) presented by our Trade demonstrators, CRC or boutique representatives. If you decide that you no longer wish to benefit from this, you can opt-out at any time by logging into the Websites and adjusting your user preferences in your account profile by unchecking the relevant boxes or by calling our CRC.

Interest Based Advertising. We partner with ad networks and other ad serving providers (“Advertising Providers”) that serve advertising on behalf of Us and other non-affiliated companies on the Internet. Some of those advertisements are tailored to your interests based on information collected on Nespresso sites or on non-affiliated websites over time. You can visit www.aboutads.info/choices to learn more about this type of advertising, as well as about how to opt-out of interest-based advertising practices from companies that participate in the Digital Advertising Alliance’s (“DAA”) self-regulatory program. You can also stop the collection of precise location data from a mobile device by accessing your device location service settings.

If We change the way We handle your Personal Data, We will update this Notice. We reserve the right to make changes to our practices and this Notice at any time, please check back frequently to see any updates or changes to our Notice.

Data controller: Perroy Fi Oy

Business ID: 3342322-9

Address: Itämerenkatu 1, 00180 Helsinki

To ask questions or make comments on this Notice and our privacy practices or to ask our compliance with applicable privacy laws, please contact Us at: Perroy Fi Oy, Nespresso  or contact us through our website under the "Contact Us" section or call our CRC 

You can also contact us here.

The data subject has the right to file a complaint with the competent data protection authority, if the data subject considers that his/her personal data has been processed in violation of data protection legislation.

You can find the contact information of the Finnish Data Protection Authority here.

We will acknowledge and investigate any comments and feedback about the way We manage Personal Data (including a complaint that We have breached your rights under applicable privacy laws).