Privacy Policy

Content of this Privacy Policy

1. General Information 
1.1. Processing of Personal Data 
1.2. Controller 
1.3. Rights of the Data Subject 
1.4. Disclosure to Authority  

2. Collection and Processing of Personal Data when visiting our Website 
2.1 Cookies 
2.2 Social Plug-ins 
2.3 Social Login 
2.4 YouTube-Videos 

3. Further services offered (on- and offline)
3.1 Contacting
3.2 Newsletter
3.3 Campaigns (e.g. Sweepstakes, Surveys, Product Tests)
3.4 Login Profile
3.5 Loyalty Program / NIVEA FOR ME
3.6 Postal Mailings
3.7 Ratings and Reviews
3.8 Live Chat
3.9 Web Shop

4. Objection or Withdrawal of your consent to the Processing of Personal Data

1. GENERAL INFORMATION

The purpose of this privacy policy is to provide you with information concerning the processing of personal data when using our website and related services. 

1.1. Processing of Personal Data

Personal data within the meaning of Art. 4 of the EU General Data Protection Regulation (GDPR) are all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc.

1.2. Controller

Responsible for the processing of personal data within the meaning of Art. 4 (7) GDPR is: Beiersdorf AG, Unnastraße 48, 20245 Hamburg [Dataprotection[at]Beiersdorf.com] (see our imprint).

Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or via the postal address of the controller for the attention of the “data protection officer”.

1.3. Rights of the Data Subject

As data subject affected by the data processing activity, you have the following rights with regard to your personal data according to Art. 15 et seqq. GDPR:

Right of access;
Right to rectification and to erasure;
Right to restriction of processing;
Right to data portability; and 
Right to object.

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

1.4. Disclosure to Authority

In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies.

2. COLLECTION & PROCESSING OF PERSONAL DATA WHEN VISITING OUR WEBSITE 

When visiting and using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data (such as log data) that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. hosting, content management system) in accordance with the purposes required (for displaying the website and setting up its content).

Legal basis: Art. 6 (1) b GDPR. 

2.1 Cookies

In addition to the aforementioned data, cookies or other technologies like pixels (hereinafter referred to as “Cookies”) are used on your computer when visiting and using our website. Cookies are small text files that are stored by your browser on your device to save certain information or image files, such as pixels. The next time you visit our website on the same device, the information saved in the cookies will subsequently be transmitted either to our website (“First Party Cookie”) or to another website to which the cookie belongs (“Third Party Cookie”).

Through the information saved and returned, the respective website recognizes that you have already accessed and visited it with the browser you use on that device. We use this information to be able to design and display the website in an optimum way in line with your preferences. In that respect, only the cookie itself is identified on your device. Beyond this extent, your personal data will only be saved upon your express consent or if it is strictly necessary to be able to use the service offered to and accessed by you accordingly.

This website uses Strictly necessary (Type A) cookies, the scope and functionality of which are explained below:

You can find more information on the cookie types set and used in the description of the tools implemented on our websites in this privacy policy. 

Strictly necessary cookies (Type A)

Strictly necessary cookies guarantee functions without which you cannot use our web pages as intended. These cookies are used exclusively by us and are therefore first party cookies. This means that all information stored in the cookies will be returned to our website. 

Strictly necessary cookies serve, for example, to ensure that you as a registered user always remain logged in when accessing various subpages of our website and thus do not have to re-enter your login data every time you access a new page. 

The use of strictly necessary cookies on our website is possible without your consent. For this reason, strictly necessary cookies cannot be activated or deactivated individually. However, you can deactivate cookies in your browser at any time (see below).

Legal basis: Art. 6 (1) b GDPR.

2.2 Social Plug-ins

Social plug-ins (“plug-ins”) of social networks are used on our websites, in particular the “Share” or “Share with friends” button of Facebook, whose website facebook.com is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, is responsible for Facebook.com in Europe. The plug-ins are usually marked with a Facebook logo. 

Besides Facebook, we use plug-ins from “Google+” (Provider: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA), “Twitter” (Provider: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103) and “Pinterest” (Provider: Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA).

For data privacy reasons, we have deliberately decided against utilising direct plug-ins of social networks on our websites. Instead, we use the “Shariff” solution. With the aid of Shariff, we can determine for ourselves when and whether data is transmitted to the operator of the respective social network. For this reason, there is no automatic data transmission to social networks such as Facebook, Google+, Twitter or Pinterest once you access our website. Data will be transmitted to social networks only if you actively click on the respective social network button. In this case, your web browser starts a connection to the respective social network's servers. By clicking on the respective button (e.g. “Pass on”, “Share” or “Share with friends”) you agree that your browser will produce a link to the respective social network's servers and transmit usage data to the respective operator of the social network and vice versa. We have no influence upon the nature and extent of the data that is then gathered by the social networks. 

The social network provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

The data is transferred regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider. 

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers as notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
http://www.facebook.com/policy.php.
Further information regarding the data collection: http://www.facebook.com/help/186325668085084, 
http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. 
Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. 

b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; 
https://www.google.com/policies/privacy/partners/?hl=de. 
Google has submitted itself to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework. 

c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; 
https://twitter.com/privacy. 
Twitter has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. 

d) Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA); http://about.pinterest.com/privacy/

2.3 Social Login

To register and log in to your customer account, you also have the option of authenticating yourself with your existing profile on one of the following social networks, Facebook, Twitter or Google+, and finally registering or logging in. 

For this purpose, you will find on the registration page or login page the corresponding symbols of the respective providers of the social networks supported by our website. Before a connection to the provider is established, you must expressly agree to the process and transmission of data described below:

By clicking on the respective symbol, a new pop-up window (so-called app) opens, in which you must log in with your login data for the social network. After you have successfully logged in, the social network will tell you, which data will be transmitted to us for authentication as part of the registration or login process. If you have agreed to this data transfer, the fields required by us for registration will be filled with the transmitted data. The information we require for registration or login is (i) your name and (ii) your email address. 

Only after your express consent to the use of the transmitted and required data, your data will be stored by us and used for the purposes as stated within this Privacy Policy. There is no link beyond the authentication process between your customer account created with us and your account on the corresponding social network. 

In order to perform the authentication process for registration and login, your IP address is transmitted to the respective social network provider. We have no influence on the purpose and scope of data collection and on the further processing of the data by the respective provider of the social network. For further information, please read the data protection information of the respective provider: 

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
http://www.facebook.com/policy.php 
more information on the data collection: http://www.facebook.com/help/186325668085084, 
http://www.facebook.com/about/privacy/your-info-on-other#applications as well as 
http://www.facebook.com/about/privacy/your-info#everyoneinfo 
Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. 

b)  Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. 
Google has submitted itself to the EU-US Privacy  Shield, https://www.privacyshield.gov/EU-US-Framework. 

c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. 
Twitter has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. 

Facebook Connect

If a so-called “Facebook Connect Button” is placed on this website, you can log in to our website with your Facebook user data. In addition, Facebook Connect can automatically include information about your activities on our website in your Facebook profile. In this respect, when you activate the button, you will be given both the opportunity to expressly consent to access your Facebook user data and to publish information and activities in your Facebook profile. The use of further data (e.g. contact via your email address) only takes place with prior express consent. Please note that Facebook receives information about the application or website via Facebook Connect, including what you are doing. To personalize the connection process, Facebook may in some cases receive a limited amount of information prior to authorizing the application or website. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and settings options for the protection of your privacy can be found in the privacy policy of Facebook

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php more information on the data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your- info#everyoneinfo Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

2.4 YouTube-Videos 

We have integrated YouTube videos into our website, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode ”, i.e. no data about you as a user will be transmitted to YouTube, if you do not click on the videos to start playing them. Only when you play the videos the data referred to in the next paragraph will be transferred to YouTube. We have no influence on this data transfer.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified in Section 2 of this privacy policy will be transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. 

For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy. https://www.google.de/intl/de/policies/privacy; Google has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

3. FURTHER SERVICES OFFERED (ON- AND OFFLINE) 

In addition to the purely informational use of our website, we offer various other services, for which we process your personal data. 

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. 

External service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.

If our service providers are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the service below. 

3.1 Contacting

When contacting or communicating with us, e.g. by email or via contact form on our website, the data you provide (your email address, if applicable your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to answer your questions, requests or for the purpose of business related correspondence. We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed. 

In case of consumer inquiries through our internal consumer management tool the personal data will be usually deleted after one year.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, call center service providers) in accordance with the purposes required (e.g. for establishing contacts, business related correspondence and customer care).

Legal basis: Art. 6 (1) b GDPR.

3.2 Newsletter

The newsletter contains news, offers and further information on the selected Beiersdorf brands. By subscribing to the newsletter you will receive personalized information about the products, services or suggestions for participation in promotions, such as competitions or product tests by e-mail or advertising on your own or third-party channels (e.g. via social media).

With your registration for the newsletter you will receive a newsletter tailored to your needs ("personalized"). We evaluate your purchase and click behavior on our websites or within the newsletter in order to compile the information relevant to you. 

The newsletter is usually sent once a month ("regularly"). In individual cases (e.g., for special actions), weekly emailing may also occur.

We also use remarketing measures to show you the relevant online advertising. Further information, especially about the respective recipients, can be found in the relevant Section for Online Advertising.

The data will be forwarded to our customer management platform, which service providers may also have access to support and implement the newsletter.

These collected data are automatically deleted after 18 months if they no longer respond to the newsletter, e.g. open (inactivity). If you no longer wish to receive the newsletter, you can unsubscribe at any time. Click on the link contained in each newsletter, you will then be guided through the unsubscribe process, or send us your withdrawal by email.

Legal basis: Art. 6 (1) a GDPR.

3.3 Campaigns (e.g. Sweepstakes, Surveys, Product Tests)

When you participate in sweepstakes, surveys or similar campaigns, we use the personal information you provide to conduct the campaign. Further information on the purposes can be found in the respective terms and conditions of the campaign. 

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, shipping, processing service providers) in accordance with the purposes required (to carry out the campaign). 

Your data will be deleted after the final processing of the campaign (see terms and conditions of participation), unless this conflicts with statutory retention obligations or statutes of limitations. 

The provision of your personal data is necessary for the performance of a contract. You are not obliged to provide your personal data. If your data is not provided, you cannot participate in the campaign.
Further information can be found in the respective terms and conditions of the campaign.

Legal basis: Art. 6 (1) b GDPR.

3.4 Login Profile

By registering we provide you the opportunity to write reviews to create a favorite list, get a newsletter and we will provide you for the future only personalized content based on your behavior; you agree that your data will be stored and used for market research and advertising purposes. We can then send you individualized advertising about our products or services.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, consumer database, marketing agency, review supplier) in accordance with the required purposes (to carry out the advertising etc.).

Your data will be deleted as soon as you have logged off from the program, unless this conflicts with legal storage obligations or statutes of limitations. In order to delete your data, please log in to your customer account and complete the unsubscribe process, or send us your withdrawal to the data processing by email. We delete your personal data automatically after 18 months inactivity.

Legal basis: Art. 6 (1) a GDPR.

3.5 Loyalty Program / NIVEA FOR ME

If participate in our loyalty program (online or offline), your personal data will be processed as follows:

By participating, you may receive your personal customer magazine, product samples and special offers via individualized email, post or online advertising on your own or third-party channels (e.g. social media). We evaluate your purchase and click behavior on our websites or within the newsletter (if subscribed to) in order to compile the information relevant to you. In addition, we use this data to contact you individually, taking into account already started or completed purchase transactions, or to suggest participation in campaigns such as sweepstakes or product tests. We will contact you via such communication channels that you provide to us in connection with your consent to contact us, for example by email, if you provide your e-mail address. Finally, we also use your data to analyze and improve the effectiveness of our websites. Your data will be stored and used for market research and advertising purposes. We can then send you individualized advertising about our products or services. 

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, shipping, processing service providers) in accordance with the required purposes (to carry out the sending of the magazine, product samples, advertising etc.). 

Your data will be deleted as soon as you have logged off from the program, unless this conflicts with legal storage obligations or statutes of limitations. In order to delete your data, please log in to your customer account and complete the unsubscribe process, or send us your withdrawal to the data processing by email. We delete your personal data automatically after 18 months inactivity.

Legal basis: Art. 6 (1) a GDPR

3.6 Postal Mailings

As a selected customer and consumer, you will also receive individual product information, offers and product samples from us by post (letter). 

This is a special form of direct marketing, which is also our legitimate interest and intensifies customer and consumer loyalty by providing the customer/consumer with exclusive information.
We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. customer/consumer management service providers, marketing agency, postal service provider) in accordance with the required purposes (postal mailings).

Your data will be deleted as soon as you have unsubscribed, unless this conflicts with legal storage obligations or statutes of limitations. You can unsubscribe or object to further postal mailings as stated within the letter or in the section objection below. We further delete your personal data automatically after 24 months inactivity (e.g. when you do not use the sent coupons).

Legal basis: Art. 6 (1) f GDPR

3.7 Ratings and Reviews

Registered users have the possibility to submit ratings and reviews of products, processes or other evaluations within the scope of the website's offers in accordance with the terms of use. It is our legitimate interest that users can give their free opinion about products.

Your rating will be published with your username. We recommend that you use a pseudonym instead of your clear name. The ratings are not reviewed before publication. We reserve the right to delete comments if they are objected to as unlawful by third parties.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. hosting service providers, customer management service providers) in accordance with the required purposes (for publication on the website).

Legal basis is Art. 6 (1) f GDPR

3.8 Live Chat

This website uses Userlike's live chat software. Userlike uses cookies to keep the chat content available while surfing the website and to connect you to the same operator if possible when chatting again. The data collected is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym, unless personal data is provided voluntarily during the use of the live chat.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. call centers) in accordance with the required purposes (for personal consultation). 

Your data will be deleted as soon as you have logged out of the live chat, unless this is contrary to legal retention obligations or statute of limitations.

The provision of your personal data is not required for the conclusion of a contract. You are not obliged to provide personal data. If your personal data is not provided, we can still offer you the live chat services.

Used Cookies: Type A. For further information, see Cookie Section.

Cookie lifetime: up to 2 years.

Maximum storage period of data: up to 14 months.

Legal basis: Art. 6 (1) b GDPR. 

3.9 Webshop

If you would like to order products in our web shop, it is required for the conclusion of the contract that you enter your personal data, which we need for the completion and execution of your order. Required information for the execution of the order is marked separately, any other information you provide is voluntary. We process the data provided by you only to process and execute your order. 

For this purpose we might transmit on the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. payment providers, fulfilment providers, customer management service providers, content management provider) in accordance with the required purposes (processing and execution of the order). To prevent unauthorized access to your personal data, especially financial data, the order process is encrypted using TLS technology.

In addition, you can voluntarily create a customer account through which we can store your data for future purchases. When you create such an account on the website, the data you have provided will be stored revocably. All other data, including your user account, can always be deleted in the customer area.

We may also process the information you provide to inform you of other interesting products in our portfolio or to send you emails containing technical information.

We are obliged by commercial and applicable tax laws to store your address, payment and order data for a period of up to ten years. 

Used Cookies: Type A. For further information, see Cookie Section.

Cookie lifetime: up to 2 years.

Maximum storage period of data: up to 14 months.

Legal basis: Art. 6 (1) b GDPR.

4. OBJECTION OR WITHDRAWAL OF YOUR CONSENT TO THE PROCESSING OF PERSONAL DATA 

If you have given your consent (Art. 6 (1) a GDPR) to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have given it to us. 

If we base the processing of your personal data on the weighing of interests (Art. 6 (1) f GDPR), you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing. 

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection under the above-mentioned contact details for the controller.