Nestlé in society Creating Shared Value and meeting our commitments 2015
nestle-csv-full-report-2015-en
nestle-csv-full-report-2015-en
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Nestlé</strong> <strong>in</strong> <strong>society</strong>:<br />
Creat<strong>in</strong>g <strong>Shared</strong> <strong>Value</strong><br />
Nutrition, health<br />
<strong>and</strong> wellness<br />
Rural development<br />
Water<br />
Environmental<br />
susta<strong>in</strong>ability<br />
Human rights<br />
<strong>and</strong> compliance<br />
Our<br />
people<br />
G4-56, Security practices G4-DMA, G4-HR7, G4-SO2, Anti-corruption G4-DMA, G4-SO3, G4-SO5, Customer privacy G4-DMA, G4-PR8<br />
In <strong>2015</strong>, we cont<strong>in</strong>ued to work on the mitigation of the risks<br />
identified <strong>in</strong> an assessment completed <strong>in</strong> 2014, <strong>in</strong> which the<br />
follow<strong>in</strong>g risks of corruption were identified:<br />
• Facilitation payments;<br />
• Gifts to government officials <strong>and</strong> third parties (purpose <strong>and</strong><br />
value); <strong>and</strong><br />
• Charitable contributions <strong>and</strong> non-commercial sponsorships<br />
(due diligence, records <strong>and</strong> documentation).<br />
To help mitigate these risks we:<br />
• Deployed the Guidance on <strong>Nestlé</strong>’s Commitment aga<strong>in</strong>st<br />
Bribery <strong>and</strong> Corruption as an attachment to the <strong>Nestlé</strong> Code<br />
of Bus<strong>in</strong>ess Conduct, provid<strong>in</strong>g additional <strong>and</strong><br />
complementary guidance on this topic;<br />
• Deployed a new e-learn<strong>in</strong>g tool designed to raise awareness<br />
<strong>and</strong> promote discussion; <strong>and</strong><br />
• Made progress towards <strong>our</strong> commitment to tra<strong>in</strong> all officebased<br />
employees (by 2017) <strong>and</strong> to adopt local anticorruption<br />
procedures <strong>in</strong> those markets <strong>and</strong> bus<strong>in</strong>esses<br />
where there is a need for further re<strong>in</strong>forcement.<br />
Security<br />
All security personnel work<strong>in</strong>g on <strong>Nestlé</strong>’s behalf are expected<br />
to respect human rights, act with<strong>in</strong> the law <strong>and</strong> comply with<br />
the company’s rules, as outl<strong>in</strong>ed by <strong>our</strong> <strong>Nestlé</strong> Group Security<br />
Policy <strong>and</strong> Corporate Bus<strong>in</strong>ess Pr<strong>in</strong>ciples.<br />
Two web<strong>in</strong>ars for regional security managers, cover<strong>in</strong>g key<br />
human rights concepts <strong>and</strong> generat<strong>in</strong>g discussion on concrete<br />
examples (such as due diligence for security companies, <strong>and</strong><br />
CCTV cameras <strong>and</strong> privacy), were attended by 80 employees<br />
<strong>in</strong> <strong>2015</strong>. Two new m<strong>and</strong>atory onl<strong>in</strong>e tra<strong>in</strong><strong>in</strong>g modules for site<br />
security representatives, both <strong>in</strong>clud<strong>in</strong>g specific po<strong>in</strong>ts on<br />
human rights, were developed <strong>and</strong> rolled out. The first module<br />
covers the pr<strong>in</strong>ciples <strong>and</strong> security governance; the second is<br />
more technical, but <strong>in</strong>cluded guidance on where to <strong>in</strong>stall<br />
surveillance cameras so as to respect privacy. In total, 579 site<br />
security representatives attended one or both modules.<br />
We also <strong>in</strong>corporated an audit component for security<br />
with<strong>in</strong> the CARE programme, which revealed 21 m<strong>in</strong>or gaps<br />
<strong>and</strong> one major gap <strong>in</strong> <strong>2015</strong>.<br />
Furthermore, <strong>in</strong> <strong>2015</strong>, we cont<strong>in</strong>ued with the active<br />
application of <strong>our</strong> Responsible S<strong>our</strong>c<strong>in</strong>g Audit Programme for<br />
security providers. This audit, guided by ethical pr<strong>in</strong>ciples, is<br />
applied to <strong>our</strong> Tier 1 suppliers who have a direct commercial<br />
relationship with <strong>Nestlé</strong>. The audit process promotes<br />
cont<strong>in</strong>uous improvement <strong>in</strong> l<strong>in</strong>e with the st<strong>and</strong>ards established<br />
<strong>in</strong> the <strong>Nestlé</strong> Supplier Code.<br />
Data privacy<br />
Protect<strong>in</strong>g the personal data of <strong>our</strong> consumers, employees <strong>and</strong><br />
other stakeholders is of paramount importance to <strong>Nestlé</strong>. The<br />
digital l<strong>and</strong>scape is constantly <strong>and</strong> rapidly chang<strong>in</strong>g, with new<br />
challenges aris<strong>in</strong>g cont<strong>in</strong>ually. In this environment, <strong>Nestlé</strong><br />
seeks to anticipate <strong>and</strong> respond to consumer expectations,<br />
data security threats, <strong>and</strong> regulation regard<strong>in</strong>g data privacy.<br />
Our approach is founded on an evolv<strong>in</strong>g <strong>in</strong>ternal data privacy<br />
governance framework of clear, robust <strong>in</strong>ternal st<strong>and</strong>ards <strong>and</strong><br />
an organisational structure empowered to enforce it.<br />
Our Privacy Policy<br />
<strong>Nestlé</strong>’s Privacy Policy lies at the heart of <strong>our</strong> consumer<br />
privacy framework. It features six key pr<strong>in</strong>ciples that all<br />
employees <strong>and</strong> contractors of <strong>Nestlé</strong> companies must comply<br />
with when process<strong>in</strong>g personal data. Such data must:<br />
• Only be processed for specific <strong>and</strong> legitimate bus<strong>in</strong>ess<br />
purposes;<br />
• Be processed fairly <strong>and</strong> lawfully;<br />
• Be properly managed;<br />
• Be protected aga<strong>in</strong>st unauthorised process<strong>in</strong>g <strong>and</strong> damage;<br />
• Be accessible when <strong>in</strong> the form of data collections; <strong>and</strong><br />
• Not be transferred to third parties or other countries without<br />
adequate safeguards.<br />
Additional restrictions apply to process<strong>in</strong>g sensitive personal<br />
data. We are strengthen<strong>in</strong>g this further through the development<br />
of a new Data Process<strong>in</strong>g St<strong>and</strong>ard, cover<strong>in</strong>g the process<strong>in</strong>g of<br />
all personal data from collection through to deletion.<br />
To the best of <strong>our</strong> knowledge, we had no substantiated data<br />
breach compla<strong>in</strong>ts to report for <strong>2015</strong>.<br />
Our Data Privacy Organisation<br />
<strong>Nestlé</strong>’s Group Data Privacy Organisation is tasked with<br />
seek<strong>in</strong>g to re<strong>in</strong>force capabilities <strong>and</strong> controls across the Group.<br />
It manages the <strong>Nestlé</strong> Data Privacy Framework <strong>and</strong> provides<br />
advice, support <strong>and</strong> guidance on its implementation. It is<br />
<strong>in</strong>creas<strong>in</strong>gly supported by data privacy officers <strong>and</strong> champions,<br />
who are be<strong>in</strong>g progressively appo<strong>in</strong>ted <strong>in</strong> <strong>our</strong> bus<strong>in</strong>esses <strong>and</strong><br />
markets, creat<strong>in</strong>g a broad <strong>Nestlé</strong> Data Privacy Organisation.<br />
The Data Privacy Organisation works closely with <strong>our</strong><br />
<strong>in</strong>ternal IS/IT Security, Market<strong>in</strong>g <strong>and</strong> HR functions <strong>in</strong><br />
execut<strong>in</strong>g the <strong>Nestlé</strong> Data Privacy Framework.<br />
Additionally, a number of <strong>in</strong>dividuals of <strong>our</strong> Data Privacy<br />
Organisation are members of professional bodies <strong>and</strong> actively<br />
contribute to the wider data privacy debate through<br />
<strong>in</strong>ternational conferences <strong>and</strong> other forums. We also engage<br />
with national <strong>and</strong> regional data privacy regulators, either<br />
directly or through representatives.<br />
Key data privacy <strong>in</strong>itiatives <strong>in</strong> <strong>2015</strong><br />
Our data protection work was further strengthened dur<strong>in</strong>g<br />
<strong>2015</strong>, when we carried out the follow<strong>in</strong>g actions:<br />
• Implemented a st<strong>and</strong>ard on privacy <strong>in</strong> digital market<strong>in</strong>g;<br />
• Worked with the CGF to adopt Consumer Engagement<br />
Pr<strong>in</strong>ciples (CEPs). The CEPs are <strong>in</strong>tended to act as a<br />
framework for how companies engage with their<br />
consumers to promote an environment of trust, particularly<br />
<strong>in</strong> relation to personal data;<br />
• Add<strong>in</strong>g to the network of data privacy specialists by<br />
appo<strong>in</strong>t<strong>in</strong>g several new data privacy officers <strong>and</strong> champions<br />
<strong>in</strong> Switzerl<strong>and</strong> <strong>in</strong> <strong>2015</strong>, with further appo<strong>in</strong>tments to be<br />
made globally next year;<br />
• Rolled out e-learn<strong>in</strong>g across the company; <strong>and</strong><br />
• Launched new, more transparent <strong>and</strong> clear communications<br />
about privacy for <strong>Nestlé</strong> websites.<br />
<strong>Nestlé</strong> <strong>in</strong> <strong>society</strong> – Creat<strong>in</strong>g <strong>Shared</strong> <strong>Value</strong> <strong>and</strong> meet<strong>in</strong>g <strong>our</strong> <strong>commitments</strong> <strong>2015</strong> 248