Privacy Policy

Protection of your Data is important to us!

For NIVEA not only the care and protection of your skin is important. We also attach great importance to the protection of your personal data. That's why we respect your privacy and want you to be able to trust us as much when it comes to data protection as when it comes to skin care. We always inform you transparently about what we need your data for and if and for how long we store it.

List of Content

1. General Information 
1.1. Processing of Personal Data 
1.2. Controller 
1.3. Rights of the Data Subject 
1.4. Disclosure to Authority

2. Collection and Processing of Personal Data when visiting our Website 
2.1 Cookies
2.1.1 Technical cookies (Type A)
2.1.2 Functional and Performance Cookies (Type B)
2.1.3 Consent based Cookies (Type C)
2.1.4 Administration and deletion of all cookies
2.1.5 Consentmanager CMP – Central cookie management platform
2.2 Web Analytics
2.2.1 Google Analytics
2.2.2 A/B Testing
2.3 Social Plug-ins
2.4 Social Login
2.5 YouTube-Videos
2.6 Online Advertising
2.6.1 Google Ads (formerly Google Adwords)
2.6.1.1 Google Ads Conversion
2.6.1.2 Google Ads Remarketing
2.6.2 Google Analytics Advertising Features
2.6.3 Adform
2.6.4 (Website) Facebook Custom Audiences / Conversion (“Facebook Pixel”)
2.6.5 Commerce Connector
2.6.6 Where to buy (Swaven)
2.6.7 Data Management Platform (Salesforce Audience Studio/Krux)
2.6.8 LinkedIn Insight Tag
2.7 Google Tag Manager 
2.8 Pharmacy Finder
2.9 Pop-up for campaigns/newsletter/loyalty programs (optinmonster)
2.10 Chatbot (loyjoy)
2.11 Augmented Reality campaigns (Zappar)
2.12 User generated social media content (via squarelovin)
2.13 Captchas

3. Further services offered (on- and offline)
3.1 Contacting/Communication/Collaboration
3.2 Newsletter
3.3 Campaigns (Sweepstakes, Surveys, Product Tests)
3.4 Login Profile
3.5 Loyalty Program / NIVEA FOR ME
3.6 Postal Mailings
3.7 Ratings and Reviews
3.8 Live Chat
3.9 eShop
3.10 Surveys
3.11 SKiN GUiDE
3.12 Data Privacy Statement for applicants (recruitment)

4. Objection or Withdrawal of your consent to the Processing of Personal Data


The purpose of this privacy policy is to provide you with information concerning the processing of personal data when using our website and related services. This privacy policy applies to all websites or services that refer to this privacy policy. 

 

1.1. Processing of Personal Data

Personal data within the meaning of Art. 4 of the EU General Data Protection Regulation (GDPR) are all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc.

 

1.2. Controller

Responsible for the processing of personal data within the meaning of Art. 4 (7) GDPR is: Beiersdorf AG, Unnastraße 48, 20245 Hamburg [Dataprotection[at]Beiersdorf.com] (see our imprint).

Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or via the postal address of the controller for the attention of the “data protection officer”.

Specific data processing activities might occur under the responsibility of other controllers. It is indicated in the respective description of those activities below, where this is the case.

 

1.3. Rights of the Data Subject

As data subject affected by the data processing activity, you have the following rights with regard to your personal data in accordance with the legal provisions: 

  • Right of access;
  • Right to rectification and to erasure;
  • Right to restriction of processing;
  • Right to data portability; and 
  • Right to object. 

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

When we work on your above-mentioned right, we may ask you for proof of your identity. For more information on how we process your data, see 3.1

 

1.4. Disclosure to Authority

In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies.

Legal basis: Art. 6 (1) c GDPR (legal obligation) 


When visiting and using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data (such as log data) that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. hosting, content management system) in accordance with the purposes required (for displaying the website and setting up its content).

The deletion of the log files takes place after 7 days.

Legal basis: Art. 6 (1) f GDPR (legitimate interest)

 

2.1 Cookies

In addition to the aforementioned data, cookies or other technologies like pixels (hereinafter referred to as “Cookies”) are used on your computer when visiting and using our website. Cookies are small text files that are stored by your browser on your device to save certain information or image files, such as pixels. The next time you visit our website on the same device, the information saved in the cookies will subsequently be transmitted either to our website (“First Party Cookie”) or to another website to which the cookie belongs (“Third Party Cookie”).

Through the information saved and returned, the respective website recognizes that you have already accessed and visited it with the browser you use on that device. We use this information to be able to design and display the website in an optimum way in line with your preferences. In that respect, only the cookie itself is identified on your device. Beyond this extent, your personal data will only be saved upon your express consent or if it is strictly necessary to be able to use the service offered to and accessed by you accordingly.

This website uses the following types of cookies, the scope and functionality of which are explained below:

- Technical cookies (Type A)
- Functional and Performance cookies (Type B)
- Consent-based cookies (e.g. Marketing) (Type C)

You can find more information on the cookie types set and used in the description of the tools implemented on our websites in this privacy policy. 

2.1.1 Technical cookies (Type A)

Technical cookies guarantee functions without which you cannot use our web pages as intended. These cookies are used exclusively by us and are therefore first party cookies. This means that all information stored in the cookies will be returned to our website.

Technical cookies serve, for example, to ensure that you as a registered user always remain logged in when accessing various subpages of our website and thus do not have to re-enter your login data every time you access a new page.

The use of technical cookies on our website is possible without your consent. For this reason, technical cookies cannot be activated or deactivated individually. However, you can deactivate cookies in your browser at any time (see below).

Legal basis: Art. 6 (1) b GDPR (situation similar to a contract)

2.1.2 Functional and Performance cookies (Type B)

 Functional cookies enable our website to store information already provided (such as registered name or language selection) and to offer you improved and more personalized functions based on this information. These cookies collect and store only pseudonymised information so that they cannot track your movements on other websites.

Performance cookies collect information about how our websites are used in order to improve their attractiveness, content and functionality. These cookies help us, for example, to determine whether and which subpages of our website are visited and in which content users are particularly interested. In particular, we record the number of visits to a page, the number of subpages accessed, the time spent on our website, the order of the pages visited, which search terms led you to us, the country, region and, if applicable, the city from which access is made, and the proportion of mobile devices accessing our websites. We also capture movement, clicks and scrolling with the computer mouse to understand which areas of our website are of particular interest to users. As a result, we can tailor the content of our website more specifically to the needs of our users and optimize our offering. The IP address of your computer transmitted for technical reasons is automatically made anonymous and does not allow us to draw any conclusions about the individual user.

The functional and performance cookies are so-called "strictly necessary" cookies within the meaning of the ePrivacy Directive 2002/58 EC, which do not require consent.

You can adjust at any time the cookie settings here (activate or deactivate).

Legal basis: 
Art. 6 (1) f GDPR (legitimate interest)

2.1.3 Consent-based cookies (Type C)

Cookies, which are neither technical Cookies (Type A) nor functional or performance cookies (Type B) will be used only upon your express consent, e.g. marketing cookies.

We also reserve the right to use information that we have obtained by means of cookies from an anonymous analysis of the usage behaviour of visitors to our website in order to display specific advertising for certain of our products on our own websites. We believe that you as a user benefit from this because we display advertising or content that we think suits your interests based on your surfing behaviour, so that you will see less randomly scattered advertising or certain content that might be of less interest to you. 

Marketing cookies come from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user in order to create target group-oriented advertising for the user.

Opt-out for cookies used for online advertising 

You can also manage many companies’ cookies used for online advertising via the consumer choice tools created under self-regulation programs in many countries, such as the US-based https://www.aboutads.info/choices/ or the EU-based http://www.youronlinechoices.com/uk/your-ad-choices. 

You can withdraw your consent to the use of consent based cookies (Type C) individually at any time with effect for the future by adjusting your cookie settings accordingly. 

Legal basis: Art. 6 (1) a GDPR (consent)

2.1.4 Administration and deletion of all cookies

You can set your web browser in such a way that cookies are generally prevented from being saved to your device and/or that you are asked each time whether you are in agreement with cookies being enabled. You can also at any time delete cookies that have been enabled again. You can find out how all this works in detail from your browser’s help function. 

Please note that generally deactivating cookies may lead to functional restrictions of our website.

2.1.5 Consentmanager CMP – Central cookie management platform

Purpose/Information:

This website is using the consent management tool "consentmanager" (www.consentmanager.net) to obtain consent for data processing and use of cookies or comparable functions. With the help of "consentmanager" you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalized advertising. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed.

By processing the data, consentmanager helps us to fulfill our legal obligations (e.g. obligation to provide evidence). Our interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. "Consentmanager" stores your data as long as your user settings are active.

Used Cookies: Type A. For further information, see Cookies Section.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, analytical, support providers) in accordance with the required purposes (to provide a cookie consent management tool). Main service provider is Consentmanager AB, Sweden.

Deletion:

The data will be deleted after 13 months. The choice you have made (consent/setting) will be stored for one year and can be viewed here. You can always delete your choice by deleting the cookies within your browser.

Legal basis:

Art. 6 (1) b GDPR (situation similar to a contract)

Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation)

 

2.2 Web Analytics

2.2.1 Google Analytics

Purpose/Information:

This website uses Google Analytics, a web analysis service of Google Ireland Ltd. (“Google”). The configuration of Google Analytics has been modified by us to the measurement onlyfunction, unless separate consent for further advertising features has been given.

Google Analytics uses a specific form of cookie, which is stored on your computer and enables an analysis of your use of our website.The cookies set by Google Analytics for measurement are first party cookies, which means that data subjects’ cookievalues will be different for each customer (i.e. there is not a single Google Analytics cookie ID that is used on all sites using Google Analytics). The information about your use of this website generated by the cookie is generally transmitted to a Google server in the USA and stored there.

We would like to point out that Google Analytics has been expanded on this website to include the code “gat._anonymizeIp();” to ensure the anonymized recording of IP addresses (so-called IP masking). Due to the IP anonymization on this website, your IP address is shortened by Google within the territory of the EU and the Treaty States of the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there.

Google uses this information on our behalf to analyze your use of this website in order to compile reports on website activities and provide additional services related to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

We use Google Analytics to analyse and regularly improve the usage of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. In addition, we gain information about the functionality of our site (for example to detect navigation problems).

In the configuration of Google Analytics, we ensured that Google receives this data as a processor and is therefore not allowed to use this data for its own purposes. The "Google Analytics Advertising Features" configuration is independent from this and is described in the appropriate section below, provided it is also used on this website.

Used Cookies: Type B. For further information, see Cookies Section.

Recipients:

Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Google Analytics Terms of Service: https://www.google.com/analytics/terms/gb.html , General overview on Google Analytics security and privacy principles: https://support.google.com/analytics/answer/6004245?hl=en , as well as Googl;s privacy policy: https://policies.google.com/privacy?hl=en

Transfer to third countries are possible. As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.
Further recipients: We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform, hosting, support and analysis service providers) in accordance with the required purposes (to perform analyses). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion/Objection: You can deactivate Google Analytics via the Cookie Settings here.

You can prevent the storage of cookies by making the proper setting using your browser software. In addition, you can prevent Google from recording the data related to your use of the website generated by the cookie (including your IP address) and from processing this data by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.

Cookie lifetime: up to 12 months (this applies only to cookies which have been set by this website)

Maximum storage period of data: up to 26 months.

Legal basis:
Art. 6 (1) f GDPR (legitimate interest) 

2.2.2 A/B Testing

Purpose/information:

This website also carries out analyses of user behavior via a so-called A/B testing. We can show you our websites with slightly varied content, depending on your profile assignment. This enables us to analyze and regularly improve our services and make them more interesting for you as a user.

Cookies are stored on your computer for these analyses. The information collected in this way is stored exclusively on a server in the EU. You can prevent the storage of cookies by making the proper setting using your browser software.

Before the analyses are carried out, the IP addresses are further processed in abbreviated form, so that direct personal contact can be ruled out. The IP address transmitted by your browser is not merged with other data collected by us.

Used Cookies: Type B. For further information, see Cookies Section.

Recipients:

The data is accessible by our analytical service providers based in the EU.

Deletion/objection:

Cookie lifetime: up to 2 years (this applies only for cookies which have been set by this website.).

Maximum storage period of data: up to 25 months.

Legal basis:
Art. 6 (1) f GDPR (legitimate interest)

 

2.3 Social Plug-ins

Social plug-ins (“plug-ins”) of social networks are used on our websites, in particular the “Share” or “Share with friends” button of Facebook, whose website facebook.com is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, is responsible for Facebook.com in Europe. The plug-ins are usually marked with a Facebook logo. 

Besides Facebook, we use plug-ins from “Twitter” (Provider: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103) and “Pinterest” (Provider: Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA).

For data protection reasons, we have deliberately decided against utilising direct plug-ins of social networks on our websites. Instead, we use the “Shariff” solution. With the aid of Shariff, we can determine for ourselves when and whether data is transmitted to the operator of the respective social network. For this reason, there is no automatic data transmission to social networks such as Facebook, Twitter or Pinterest once you access our website. Data will be transmitted to social networks only if you actively click on the respective social network button. In this case, your web browser starts a connection to the respective social network's servers. By clicking on the respective button (e.g. “Pass on”, “Share” or “Share with friends”) you agree that your browser will produce a link to the respective social network's servers and transmit usage data to the respective operator of the social network and vice versa. We have no influence upon the nature and extent of the data that is then gathered by the social networks.

The social network providers stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in providers to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

The data is transferred regardless of whether you have an account with the plug-in providers and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in providers also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers as notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php more information on the data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo

b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy

c) Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA); http://about.pinterest.com/privacy/

d) Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; xhttp://www.xing.com/privacy/

e) T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hannover, Germany; https://t3n.de/store/page/datenschutz

f) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR apply. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

 

2.4 Social Login

To register and log in to your customer account, you also have the option of authenticating yourself with your existing profile on one of the following social networks, Facebook, Twitter or Google, and finally registering or logging in. 

For this purpose, you will find on the registration page or login page the corresponding symbols of the respective providers of the social networks supported by our website. Before a connection to the providers is established, you must expressly agree to the process and transmission of data described below:

By clicking on the respective symbol, a new pop-up window opens, in which you must log in with your login data for the social network. After you have successfully logged in, the social network will tell you, which data will be transmitted to us for authentication as part of the registration or login process. If you have agreed to this data transfer, the fields required by us for registration will be filled with the transmitted data. The information we require for registration or login is your email address. 

Only after your express consent to the use of the transmitted and required data, your data will be stored by us and used for the purposes as stated within this Privacy Policy. There is no link beyond the authentication process between your customer account created with us and your account on the corresponding social network. 

In order to perform the authentication process for registration and login, your IP address is transmitted to the respective social network provider. We have no influence on the purpose and scope of data collection and on the further processing of the data by the respective providers of the social network. For further information, please read the data protection information of the respective provider: 

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
http://www.facebook.com/policy.php 
more information on the data collection: http://www.facebook.com/help/186325668085084
http://www.facebook.com/about/privacy/your-info-on-other#applications as well as 
http://www.facebook.com/about/privacy/your-info#everyoneinfo 

b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en

c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy

Facebook Connect

If a so-called “Facebook Connect Button” is placed on this website, you can log in to our website with your Facebook user data. In addition, Facebook Connect can automatically include information about your activities on our website in your Facebook profile. In this respect, when you activate the button, you will be given both the opportunity to expressly consent to access your Facebook user data and to publish information and activities in your Facebook profile. The use of further data (e.g. contact via your email address) only takes place with prior express consent. Please note that Facebook receives information about the application or website via Facebook Connect, including what you are doing. To personalize the connection process, Facebook may in some cases receive a limited amount of information prior to authorizing the application or website. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and settings options for the protection of your privacy can be found in the privacy policy of Facebook:

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
http://www.facebook.com/policy.phpmore information on the data collection:
http://www.facebook.com/help/186325668085084 http://www.facebook.com/about/privacy/your-info-on-other#applications , as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR apply. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

 

2.5 YouTube-Videos 

We have integrated YouTube videos into our website, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transmitted to YouTube, if you do not click on the videos to start playing them. Only when you play the videos the data referred to in the next paragraph will be transferred to YouTube. We have no influence on this data transfer

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified in Section 2 of this privacy policy will be transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. 

For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy: https://www.google.com/intl/en/policies/privacy.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR apply. More information on this topic is published here:https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

 

2.6 Online Advertising

2.6.1 Google Ads (formerly Google Adwords)

Information/purpose:

2.6.1.1 Google Ads Conversion

We use the services of Google Ads to draw attention to our attractive offers with the help of advertising materials (so-called Google Ads) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

The advertising materials are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads stores a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their device has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Ads customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically starts a direct connection to the Google server. We have no influence on the extent and the further use of the data which are raised by the use of this tool by Google and inform you therefore according to our knowledge: By the integration of Ads conversion Google receives the information that you called the appropriate part of our Internet appearance or clicked an announcement of us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.

2.6.1.2 Google Ads Remarketing

We use the remarketing function within the Google Ads service. The remarketing function allows us to present to users of our website advertisements based on their interests on other websites within the Google advertising network (in Google search or on YouTube, so-called "Google ads" or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users even after visiting our website on other pages. To do this, Google stores cookies in the browsers of users who visit certain Google services or websites in the Google Display Network. This cookie is used to record the visits of these users. The number is used to uniquely identify a web browser on a particular device. Used Cookies: Type C. For further information, see Cookies Section.

Recipients:

For more information on the purpose and scope of data collection and processing by Google, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:  https://www.google.com/intl/en/policies/privacy ;

Transfers to third countries are possible.As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR apply. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. Alternatively, you will also find more information on the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org;

Deletion/withdrawal:

You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly (in particular by suppressing third-party cookies, you will not receive any ads from third-party providers); b) by deactivating cookies for conversion tracking: by setting your browser so that cookies are blocked by the domain www.googleadservices.com, https://www.google.de/settings/ads , this setting being deleted when you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices .This setting is deleted when you delete your cookies; d) by permanently deactivating Firefox, Internet Explorer or Google Chrome in your browsers under the link http://www.google.com/settings/ads/plugin, e) by setting your cookie preferences accordingly (click here). Please note that in this case you may not be able to use all functions of this offer in full.

Cookie lifetime: up to 180 days (this applies only for cookies which have been set by this website).

Legal basis:

Art. 6 (1) a GDPR (consent)

2.6.2 Google Analytics Advertising Features

This website also uses the extended functions of Google Analytics (Google Analytics Advertising Features) in addition to the standard functions. The Google Analytics Advertising Features implemented on this website include:

· Google Display Network Impression Reporting

· Google Analytics Demographics and Interest Reporting

· Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers

We therefore use first-party cookies (e.g. Google Analytics cookies) and Google advertising cookies and identifiers together in order to optimize our website.

You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly; b) via your Google ad settings on https://www.google.com/ads/preferences/?hl=en; c) by setting your cookie preferences accordingly (click here). Please note that in this case you may not be able to use all functions of this offer in full.

Used Cookies: Type C. For further information, see Cookies Section.

Cookie lifetime: up to 12 months (this applies only for cookies which have been set by this website).

Legal basis:

Art. 6 (1) a GDPR (consent) 

2.6.3 Adform

Information/purpose:

This website uses the online marketing tool Adform by Adform A/S Denmark. Adform uses cookies to display ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ad more than once. Adform uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. In addition, Adform may use cookie IDs to collect conversions related to ad requests. This is the case, for example, when a user sees an Adform ad and later visits the advertiser's website with the same browser and buys something there. Adform cookies do not contain any personal information, such as email-address, name or addresses.

Your browser automatically establishes a direct connection to the Adform server once visiting our website. By integrating Adform, Adform receives the information that you have called the corresponding part of our Internet presence or clicked on an advertisement from us.

In addition to that, Adform cookies allow us to understand whether you complete certain actions on our website(s) after viewing one of our display/video ads on Adform or other platforms through Adform or clicking through one (conversion tracking). Adform uses this cookie to understand the content with which you have interacted on our website(s) in order to be able to send you targeted advertising later.

Used Cookies: Type C. For further information, see Cookies Section.

Recipients:

You will find more information on Adform at https://site.adform.com/, with regards to data protection at Adform A/S Denmark: https://site.adform.com/privacy-center/overview.

Deletion/withdrawal:

You can prevent your participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any ads from third-party providers; b) by deactivating cookies from Adform via your browser under https://site.adform.com/privacy-center/platform-privacy/opt-out/ c) by setting your cookie preferences accordingly (click here).

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Maximum storage period of data: up to 13 months.

Legal basis: Art. 6 (1) a GDPR (consent) 

2.6.4 (Website) Facebook Custom Audiences/ Conversion(“Facebook Pixel”)

Information/purpose:

This website uses the so-called "Facebook Pixel" of the social network "Facebook" for the following purposes:
Facebook (website) Custom Audiences
We use the Facebook pixel for remarketing purposes to be able to contact you again within 180 days. This allows us to display interest-based advertisements ("Facebook Ads") to users of the website when they visit the social network "Facebook" or other websites also using this tool. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you.

Facebook conversion
We also use the Facebook Pixel to ensure that our Facebook Ads match the potential interest of users and are not annoying. With the help of the Facebook Pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server as soon as you have agreed to the use of cookies requiring your consent. Through the integration of the Facebook pixel, Facebook receives the information that you have called up the corresponding website of our internet presence or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account.
The processing of this data by Facebook takes place within the framework of Facebook's data policy. Special information and details about the Facebook pixel and its functionality can also be found in the Facebook help area.

Used Cookies: Type C. For further information, see Cookies Section.

Recipients:

Joint Controller:

We are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook) for the collection and transfer of data in this process. This applies to the following purposes:
The creation of individualized or suitable ads, as well as for their optimization
Delivery of commercial and transaction-related messages (e.g. via Messenger)
The following processes are therefore not covered by joint controllership:
The process that takes place after the collection and transmission is within the sole responsibility of Facebook.
The preparation of reports and analyses in aggregated and anonymized form is carried out as a Processor and is therefore within our responsibility.

We have concluded a corresponding agreement with Facebook for joint controllership, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This agreement defines the respective responsibilities for fulfilling the obligation under the GDPR with regard to joint controllership.

The contact details of the Controller and the data protection officer of Facebook can be found here: https://www.facebook.com/about/privacy.

We have agreed with Facebook that Facebook can be used as a contact point for the exercise of data subject rights (see Section 1.3). Without prejudice to this, the jurisdiction of the Rights of Data Subjects is not limited.

Further information on how Facebook processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy. We transfer the data within the scope of joint controllership based on the legitimate interest pursuant to Art. 6 (1) f GDPR.

Information on the data security conditions can be found here. https://www.facebook.com/legal/terms/data_security_terms and on processing on the basis of standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

Further Recipients:
We transfer also the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform-, hosting, support and analysis service providers) in accordance with the required purposes (for the execution of ad display and analysis). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion/withdrawal:

The “Facebook Custom Audiences” function can be deactivated in the Cookie Settings and for logged in users at https://www.facebook.com/settings/?tab=ads#_.

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis: Art. 6 (1) a GDPR (consent) 

2.6.5 Commerce Connector

Information/Purpose:

On our website, we provide you with a list of different online retailers, where you can buy our products. If you click on a link to one of the retailers, you will be forwarded to the product detail webpage of the selected retailer and our partner - Commerce Connector GmbH, - will store a cookie on your device for a period of 7 days. If you make a purchase at the selected retailer within this period, Commerce Connector gets a general information about your purchase once you have finalized the purchase and reached the order confirmation page.

For this reason, Commerce Connector receives a unique cookie number that is used to create anonymous sales statistics of our products purchased through the link. Commerce Connector provides us with this anonymous statistics.

Cookies used: Type c. More information can be found in the Cookies Section

Recipients:

The data will be processed by our partner Commerce Connector GmbH, Deckerstr. 41, 70372 Stuttgart. Please refer to the Commerce Connector Privacy Policy for more information on the tool and how to turn it off.

Deletion/Withdrawal:

Cookie lifetime: 7 days (this applies only to cookies which have been set by this website) https://www.commerce-connector.com/website/de/policy-de/policy_cco/#optout

Legal basis:

Art. 6 (1) a GDPR (consent)

2.6.6 Where to buy (Swaven)

Information/Purpose:

We provide you on our website the opportunity to buy our products on online retailers websites (e.g. with a shopping cart symbol). With this function we get only performance and analytical information to audience the efficiency of the tool (via cookies) which is also our legitimate interest. A cross-website tracking does not occur, so we do not get the information if you have bought something in the selected store.

For a better user experience and to show local stores, we use the geolocation of the visitor to personalize the service. We operate at city scale geolocation by partially analyzing the IP address. A more precise geolocation can be used when the user has validated the function. The geolocation is used only during the session.

Cookies used: Type b. More information can be found in the Cookies Section

Recipients:

These data will be processed to our Partner Swaven SAS, Paris, France. Further information can be found here: https://www.swaven.com/cookie-policy

Deletion/Withdrawal:

Cookie lifetime: up to 12 months (this applies only to cookies which have been set by this website)

Legal basis:

Art. 6 (1) a GDPR (legittimate interest)

2.6.7 Data Management Platform (Salesforce Audience Studio/Krux)

Information/Purpose:

This website uses a tool to centralize the website visitors within one platform in order to segment the users for campaigns and to receive insights about the performance of a campaign. The differentiation of visitors is based on unique ID (cookies or local storage). The tool also provides the possibility that individual product/marketing information on third party websites can be published based on the visit on our website. The data may include information about how the user came to the website and how users interact with it. Browsers automatically also send certain standard information to every website a user visits, such as an IP address, browser type and language settings, access times, and referring website addresses. Additionally, the tool provides the possibility to connect the website visitor data (also cross-device) to our registered users once they are logged in and the user has consented to it.

Further information can be found here: https://www.salesforce.com/products/marketing-cloud/sfmc/audience-studio-privacy/

Used Cookies: Type C. For further information, see Cookies Section

Recipients:

We transfer also the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform-, hosting, support and analysis service providers) in accordance with the required purposes (for the execution of campaign display, segmentation, user data connection and analysis). Main service provider is salesforce.com Germany GmbH, Germany. Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

Deletion/Withdrawal:

The personal data this tool collects gets deleted within 6 months of inactivity. The consent can be withdrawn with effect for the future within the cookie settings (click here). In the case of registered users and with the respective consent, the data may be linked to their consumer profile. The deletion rules for the consumer profile then apply accordingly (e.g. loyalty program).

Cookie lifetime: up to 6 months (this applies only to cookies which have been set by this website)

Legal basis: Art. 6 (1) a GDPR (consent)

2.6.8 LinkedIn Insight Tag

Information / Purpose:

We use the LinkedIn Insight Tag on this website. The LinkedIn Insight Tag collects metadata such as URL, IP address, timestamp, device and browser characteristics in order to produce insights and campaign reporting that do not identify you. We are not able to identify you through these reports. LinkedIn provides only reports and alerts (which do not identify you) about the website audience and ad performance. You can control the use of your personal data for advertising purposes through your LinkedIn account settings.

Further information:

https://www.linkedin.com/legal/privacy-policy

https://www.linkedin.com/legal/cookie-policy

https://www.linkedin.com/legal/l/cookie-table

Cookies used: Type c. More information can be found in the Cookies Section

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group as well as to external service providers in accordance with the required purposes (hosting and analysis services). Main service provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Grand Canal Dock, Dublin, 2 Ireland Transfer to third countries are possible. As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR. More information on this topic is published here:https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

Deletion/Withdrawal:

Your data will be deleted after the final processing of the campaign.

You can withdraw your consent to the use of consent based cookies (Type c) individually at any time with effect for the future by adjusting your Cookie Settings accordingly.

Cookie lifetime: up to 90 days.

Legal basis:
Art. 6 (1) a GDPR (consent)

2.7 Google Tag Manager

Information/Purpose:

This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.

Recipients:

Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Transfer to third countries are possible. As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

Legal basis

Art. 6 (1) f GDPR (legitimate interest)

2.8  Pharmacy Finder

With our pharmacy finder you can find pharmacies closest to your location in order to buy ourproducts. You can either enter your address yourself or have your location determined by your browser. To do this, we use the service Google Maps of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). In order to let Google map content to be included and viewed in your web browser, your web browser must be able to connect to a Google-based server located in the United States. Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPRapply.More information on this topic is published here:https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. Google receives the information that our website has been called from the IP address of your device. Google stores your data and uses it for advertising, market research, and personalized illustration of Google Maps. You may object to this data collection. Further information can be found here:https://www.google.com/intl/de_US/help/terms_maps/

Legal basis:
Art. 6 (1) f GDPR (legitimate interest)

2.9  Pop-up for campaigns/newsletter/loyalty programs (optinmonster)

Purpose/Information:

This website uses pop up features to offer you a quick and easy way to participate in campaigns or to subscribe to newsletters/loyalty programs. The purpose of each campaign/newsletter/loyalty program is described in one of the sections below and is independent from providing this pop-up functionality.We sometimes use functions to ensure, that you only see those pop-ups in certain conditions, e.g. that you only see the pop-ups the first time you visit our website or how often the pop up shall appear.

Cookies used: Type b. More information can be found in the Cookies Section

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external serviceproviders, contract processors (e.g. hosting, support, analytical provider) in accordance with the purposes required  (to execute the desired  campaign/newsletter/program). Platform/hosting  providers  will  have  access  to  personal  data  from  a  third  country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers .  More  information  on  this  topic  is  published  here:https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion / Objection:

The deletion of the entered data depends on the campaign/newsletter/loyalty program as described below.

Cookie lifetime: up to 12 months, in general 30 days (this applies only to cookies which have been set by this website)

Legal basis:

Art. 6 (1) f GDPR(when processing according to the legitimate interest described above)

2.10 Chatbot (loyjoy)

Purpose/Information:

This website provides the feature to get in a personalized dialog with us. With our chatbot you can participate on surveys or sweepstakes and order the newsletter or become part of the loyalty program. We therefore collect various communication/interaction data as provided by you.This gives us also the possibility to analyse the data and to evaluate them for statistical purposes.

Cookies used: Type b. More information can be found in the Cookies Section.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, processing service providers) in accordance with the required purposes (to carry out the chatbot and the demanded service (e.g. newsletter) etc.). Main service provider is Loyjoy GmbH, Muenster Germany. Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers . More information on this topic is published here :https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion / Objection:

The chat dialogs within the chatbot will be automatically deleted after 48 hours. The user has the possibility to delete the data earlier within the chatbot menu and to use further privacy rights. Depending on selected purposes (sweepstake, surveys, newsletter etc.) the data retention periods as mentioned in the corresponding context applies(see below).

Cookie lifetime: up to 24 months (this applies only to cookies which have been set by this website)

Legal basis:

Art. 6 (1) f GDPR (legitimate interest)

2.11 Augmented Reality campaigns (Zappar)

Purpose/Information:

This website provides augmented reality (AR) features. It will therefore require access to your device camera to function as intended. The pictures or videos from your device will not be collected or stored.

This website uses creates statistics to measurethe performance and functionality of the augmented reality campaigns. A unique user profile will not be created.For a more detailed statistic and to route you to your local website we will determine your IP-address location. Your IP-address will be as soon as possible discarded and not stored within the statistics.

Cookies used: Type a. More information can be found in the Cookies Section.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, processing service providers) in accordance with the required purposes (to carry out the AR Campaigns and to measure the performance). Main service provider is Zappar Ltd, The Barley Mow Centre;10 Barley Mow Passage, London W4 4PH UK (SC394617). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here  :https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion / Objection:

The pictures or videos from your device will not be collected or stored. For the determination of the location we will use the IP-address, which will be afterwards discarded and not stored within the statistics. The deletion is in general within seconds but can take undercertain conditions up to 24 hours.

Legal basis: 

Art. 6 (1) b GDPR (situation similar to a contract-for providing the AR feature)

Art. 6 (1) f GDPR (legitimate interest as described above)

2.12 User generated social media content (via squarelovin)

Purpose/Information:

This website provides the feature to show content provided from social media users after their approval. The content you see within the toolis based onfunctional cookies(e.g. language, last stream loaded and seen) and is for your convenience.We also use the data for analytics and statistics. Further information can be found on https://squarelovin.com/privacy/

Cookies used: Type a. More information can be found in the Cookies Section.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, processing service providers)in accordance with the required purposes (to show you the social media content on this website). Main service provider is Anchor Media GmbH, Germany. Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: :https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion:

Cookie lifetime: up to 12 months (this applies only to cookies which have been set by this website)

Legal basis: 

Art. 6 (1) f GDPR (legitimate interest)

2.13 Captchas

This website uses in specific cases the Google reCAPTCHA v2 to avoid the usage of text fields by automated programs/bots. It helps to support the security of our website and to avoid SPAM for the users. This is also our legitimate interest and fulfills our legal obligation.

The collected data are hardware and software information, such as device and application data and the result of integrity checks. These data will be sent to Google Ireland Limited,Gordon House, Barrow Street, Dublin 4, Ireland. The data will not be used by Google for personalized ads.

Further information can be found in their privacy policy: https://policies.google.com/privacy Further documentation can be found here:  https://developers.google.com/recaptcha/   https://www.google.com/recaptcha/admin/create   . . Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR apply. More information on this topic is published here :https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Legal basis:

Art. 6 (1) c GDPR (when processing is necessaryfor compliance with a legal obligation)

Art. 6 (1) f GDPR (when processing according to the legitimate interest described above)

 


In addition to the purely informational use of our website, we offer various other services, for which we process your personal data. 

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. 

External service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.

We may also disclose your personal data to third parties when we offer promotions, sweepstakes, contracts or similar services in conjunction with partners. Further information can be obtained at the time when you provide the data or in the description of the services below.

Contrary to 1.2, in some cases a Beiersdorf Company is Controller for the services offered below, which has already been named to you as part of the communication. If reference is therefore made to sections of this privacy policy, e.g. by link, and a Controller has already been named, e.g. in the footer/signature of an e-mail or campaign card, this person is the Controller in accordance with. Art. 4 No. 7 GDPR.

If our service providers are based in a country outside the European Economic Area (EEA), international data transfers can occur. We will inform you of the consequences of this circumstance in the description of the service below. 

 

3.1 Contacting/Communication/Collaboration

Purpose / Information:

When communicating and/or collaboration with us, e.g. by email or via contact form on our website, data exchange platform, be it e.g. as a consumer, test person, business partner or customer, the data you provide (your email address, if applicable your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to e.g. answer your questions, requests or for the purpose of business related correspondence.

When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request.

Recipients:

In order to combat terrorism, we are obliged by law to carry out a comparison with sanctions lists. Therefore, we also process your data to meet legal requirements for comparison with these lists. Furthermore, we process your data in the Beiersdorf Group for the prevention and investigation of criminal offences and other misconduct, the assessment and control of risks, for internal communication and for corresponding administrative purposes. If you are a business partner, we regularly check your creditworthiness in certain cases (e.g. when concluding contracts). Our legitimate interest is the minimization of the financial risk. For this purpose, we cooperate with credit agencies from which we receive the necessary data. For this purpose we transmit your name and your contact data to the credit agencies.

If you are a business customer or partner, it may be necessary to transfer your personal data to prospective buyers as part of a company transaction. In the course of due diligence, usually anonymized data is processed. However, it may be necessary in specific individual cases to process personal data. Our legitimate interest lies in the execution of the company transaction.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, call center service providers) in accordance with the purposes required (e.g. for establishing contacts, business related correspondence and customer care). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion /Objection:

We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed.

In case of consumer inquiries through our internal consumer management tool the personal data will be usually deleted after one year. As an exception, the data will be kept longer if the data is necessary for the establishment, exercise or defence of legal claims.

You can object to these processes according to the requirements under 4.

Legal basis:

Art. 6 (1) b GDPR (when processing in the context of a contract or a situation similar to a contract)

Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation)

Art. 6 (1) f GDPR (when processing according to the legitimate interest described above) 

 

3.2 Newsletter

Purpose / Information:

The newsletter contains news, offers and further information on the selected Beiersdorf brands. By subscribing to the newsletter, you will receive in accordance with the consent you have given in each case personalized information about the products, services or suggestions for participation in promotions, such as competitions or product tests by e-mail.

With your registration for the newsletter you will receive a newsletter tailored to your needs (if the newsletter is "personalized", "individualized" or "customized"). We evaluate your purchase and click behavior on our websites or within the newsletter in order to compile the information relevant to you.

We also use remarketing measures to show you the relevant online advertising.

Recipients:

The data will be forwarded to our customer management platform, which service providers may also have access to support and implement the newsletter. Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion / Withdrawal:

These collected data are automatically deleted after 24 months at the latest if they no longer respond to the newsletter, e.g. open (inactivity). If you no longer wish to receive the newsletter, you can unsubscribe at any time. Click on the link contained in each newsletter, you will then be guided through the unsubscribe process, or send us your withdrawal by email.

Legal basis: Art. 6 (1) a GDPR (consent)

 

3.3 Campaigns (e.g. Sweepstakes, Product Tests)

Purpose / Information:

When you participate in sweepstakes or similar campaigns, we use the personal information you provide to conduct the campaign. Further information on the purposes can be found in the respective terms and conditions of the campaign.

The provision of your personal data is necessary for the performance of a contract. You are not obliged to provide your personal data. If your data is not provided, you cannot participate in the campaign.

Further information can be found in the respective terms and conditions of the campaign.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, shipping, processing service providers) in accordance with the purposes required (to carry out the campaign). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion:

Your data will be deleted after the final processing of the campaign (see terms and conditions of participation), unless this conflicts with statutory retention obligations or statutes of limitations.

Legal basis: Art. 6 (1) b GDPR (situation similar to a contract)

 

3.4
3.4.1 Login Profile

Purpose / Information:

By registering we provide you the opportunity to write reviews to create a favorite list, get a newsletter [and we will provide you for the future only personalized content based on your behavior; you agree that your data will be stored and used for market research and advertising purposes. We can then send you individualized advertising about our products or services].

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, consumer database, marketing agency,review supplier) in accordance with the required purposes (to carry out the advertising etc.). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion:

Your data will be deleted as soon as you have deleted your account unless this conflicts with legal storage obligations or statutes of limitations. In order to delete your data, please log in to your customer account and use the deletion function, or send us your withdrawal to the data processing by email. We delete your personal data at the latest automatically after 24 months inactivity.

Legal basis: Art. 6 (1) a GDPR (consent)

3.4.2 Centralized Login Profile

Purpose / Information:

When registering Beiersdorf AG provides you with the opportunity to create an account with a password (login profile). This login profile will be created within the centralized NIVEA login profile database and shall verify that you are the valid owner of the account and/or e-mail address. This login database is in general only connected to the service you are registering to and handles only the verification part of your login profile. The login profile will therefore be forwarded to the respective local NIVEA/ Beiersdorf company you are demanding the service for. 

If you demand additionally further services of another NIVEA/Beiersdorf company (e.g. registering a login profile for another country site) your login profile incl. password can be optionally reused for your demanded service. 

Logfiles: When visiting and using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.

Used Cookies: Type A. For further information, see Cookie Section.

Controller:

Responsible for the centralized profile is Beiersdorf AG, Unnastr. 48, 20253 Hamburg, Germany.

Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or under
the postal address of the controller for the attention of the “data protection officer”. 

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, support) in accordance with the required Commented [MM/H19]: Please do not confuse this with the loyalty program: This section is a placeholder for general login functions! Confidential Latest Major Version 7.0 – 01.04.2021 purposes (to forward the login profile based on the demanded service and the user verification). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion/Withdrawal:

Your login profile will be automatically deleted as soon as you have deleted your local NIVEA account on the registered website, unless this conflicts with legal storage obligations or statutes of limitations. In cases where you are registered with this login profile to more than one local NIVEA account, your login profile will be deleted when all your local NIVEA accounts are deleted. An automatic deletion of local Eucerin accounts in general take place after 24 months of inactivity. 

In case you only created this login profile without registering to a local NIVEA account, this login profile will be automatically deleted within one day. 

The deletion of the logfiles takes place after 7 days. 

Legal basis:
Art. 6 (1) a GDPR (consent; centralized login profile) 
Art. 6 (1) f GDPR (legitimate interest; logfiles)

3.5 Loyalty Program / [NIVEA FOR ME]

Purpose / Information:

The purpose of this program is a personalized experience for you as a member. When you register to our loyalty program (online or offline) [myNIVEA], you will receive exclusive and personalized content, like the personal customer magazine, product samples or special offers, e.g. by e-mail, post, SMS or online advertising on our own or third-party channels, such as social media (e.g. Facebook). For this purpose we use the contact information you provide (e.g. e-mail address, postal address, telephone number) and any contact information linked to your social media profiles. This contact information will be matched in hashed form with the social media providers. 

To provide you with a relevant individualized experience - i.e. at the right time, through the right channel, with the content relevant to you and with the right, personalized message - we link your data and enrich it with additional information, e.g. geodata and profile data from all contact points, including websites and social media channels.

For this purpose, we also evaluate your (previous) click, email opening, purchasing and surfing behaviour on our and other websites/apps, social media sites (e.g. in the context of ads placed) or within the newsletter in order to arrange the content relevant to you. This also includes the data from our eShop, if this website provides an eShop. We can also derive your activity status from this and automatically delete your account in case of inactivity (see below). In addition, we use this data to contact you individually, taking into account purchase transactions that have already been initiated or completed. We therefore create a user profile for the compilation of personalised content.

In addition, sensitive data such as health data (allergies or skin diseases) may be collected. However, we only process these if you have agreed to this.

Finally, we also use your information to analyze and improve the effectiveness of our services. Your details will therefore be stored and used for market analysis and product information purposes. This also includes information you provide in the context of campaigns/actions.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, shipping, processing service providers) in accordance with the necessary purposes (to carry out the sending of the magazine, product samples, advertising, communication etc). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion/withdrawal/objection:

Your data will be deleted as soon as you have deleted your account/profile, unless this conflicts with legal storage obligations or statutes of limitations In order to delete your data, please log into your account + and use the corresponding deletion function or send us your withdrawal of data processing by email. You can also object to individual contact methods in your account/profile by deactivating the contact method. Alternatively, you can also request this via the contact form. We automatically delete your personal data at the latest after 24 months of inactivity.

If your profile has not been verified during the so-called double opt-in process, your profile will be deleted after 6 months at the latest.

Legal basis:

Art. 6 (1) f) GDPR (legitimate interest: analysis and improvement of the effectiveness of our services and combination of the profile with data in our legitimate interest).

Art. 6 (1) a, Art. 9 (2) a GDPR (consent loyalty program)

3.6 Postal mailings

Purpose / Information:

As a selected customer, business partner, test person and/or consumer, you will also receive individual product information, offers, news and product samples from us by post (letter).

This is a special form of direct marketing, which is also our legitimate interest and intensifies loyalty by providing the above-mentioned persons exclusive information.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. customer/consumer management service providers, marketing agency, postal service provider) in accordance with the required purposes (postal mailings). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion / Objection:

Your data will be deleted as soon as you have unsubscribed, unless this conflicts with legal storage obligations or statutes of limitations. You can unsubscribe or object to further postal mailings as stated within the letter or in the section objection below. We further delete your personal data at the latest automatically after 24 months inactivity (e.g. when you do not use the sent coupons).

Legal basis: Art. 6 (1) f GDPR (legitimate interest)

3.7 Ratings and Reviews

Purpose / Information:

Users have the possibility to submit ratings and reviews of products, processes or other evaluations within the scope of the website's offers in accordance with the conditions of use. We will therefore collect the data that you have provided to us when you submit content via a rating and review.

In the case this website demands a specific consent for sensitive data we will also process sensitive information (e.g. via pictures or content description) about your health or data revealing racial or ethnic origin especially within reviews for products suitable for skin concerns.

It is our legitimate interest that users can give their free opinion about products and that those reviews can appear on third party websites in a pseudonymized manner

We use the data you provide in order to publish and maintain your review and rating on our website in accordance with our conditions of use. Your rating will be published with your username. Your last name will be abbreviated. The ratings might be reviewed before publication. We reserve the right to delete comments if they are objected to as unlawful by third parties. More information can be found in our conditions of use.

We also use your provided data within our legitimate interest to ensure that your review is not based on fraudulent behavior, automatic programs or bots.

Cookies used: Type a. More information can be found in the Cookies Section.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. hosting service providers, customer management service providers, third party websites) in accordance with the required purposes (for publication on the website). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion / Objection:

The reviews of the users will be deleted or anonymized after the deletion of the user account.

Legal basis:

Art. 6 (1) a GDPR in conjunction with Art. 9 (2) a GDPR (consent)
Art. 6 (1) f GDPR (legitimate interest)

3.8 Live Chat

Purpose / Information:

This website uses Userlike's live chat software. Userlike uses cookies to keep the chat content available while surfing the website and to connect you to the same operator if possible when chatting again. If a user's message is to be translated into the language of the operator during the chat and the operator's message into the language of the end user, this translation can be achieved by using machine translation software. The data collected is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym, unless personal data is provided voluntarily during the use of the live chat.

The voluntary provision of your personal data is not required for the conclusion of a contract. You are not obliged to provide personal data. If your personal data is not provided, we can still offer you the live chat services.

Used Cookies: Type A. For further information, see Cookie Section.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. call centers, translation provider) in accordance with the required purposes (for personal consultation). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion:

Your data will be deleted as soon as you have logged out of the live chat, unless this is contrary to legal retention obligations or statute of limitations.

Cookie lifetime: up to 2 years.

Maximum storage period of data: up to 12 months.

Legal basis: Art. 6 (1) b GDPR (situation similar to a contract)

3.9 eShop

Purpose / Information:

If you would like to order products in our web shop, it is required for the conclusion of the contract that you enter your personal data, which we need for the completion and execution of your order. Required information for the execution of the order is marked separately, any other information you provide is voluntary. We process the data provided by you only to process and execute your order.

In addition, you can voluntarily create a customer account through which we can store your data for future purchases. When you create such an account on the website, the data you have provided will be stored revocably. All other data, including your user account, can always be deleted in the customer area.

We may also process the information you provide in course of your purchase in our web shop to send you interesting product information based on the products you have been purchased in our web shop or to give you the possibility to rate your purchased products. We therefore send you information by e-mail in context with your purchase. This is a special form of direct marketing, in which we have a legitimate interest in strengthening consumer loyalty by suggesting appropriate and interesting product information. Besides that, we may also send you technical or other factual information in context with your purchase. You can object at any time to receiving such information by following the requirements as described in in Section 4.

To prevent unauthorized access to your personal data, especially financial data, the order process is encrypted using TLS technology.

Used Cookies: Type A. For further information, see Cookie Section.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. payment providers, fulfilment providers, customer management service providers, content management provider) in accordance with the required purposes (processing and execution of the order). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

We are obliged by commercial and applicable tax laws to store your address, payment and order data for a period of up to ten years.

Cookie lifetime: up to 2 years.

Maximum storage period of data: up to 14 months.

Legal basis:

Art. 6 (1) b GDPR (when processing in the context of a contract or a situation similar to a contract)

Art. 6 (1) f GDPR (when processing according to the legitimate interest described above) 

3.10 Surveys

Purpose / Information:

When you participate in surveys or similar campaigns, we process the personal information for the purpose described in the consent. The collected data covers questions around the intended purpose of the survey or similar campaign, as well as additional socio-demographic information about you. You may participate without identifying yourself, unless this has been part of the consent.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform, hosting, analysts) in accordance with the purposes required (to carry out the surveys). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion: Your data will be deleted after the final processing of the survey or similar campaign (see terms and conditions of participation), unless this conflicts with statutory retention obligations or statutes of limitations. Usually, data will be deleted after two years.

Legal basis: Art. 6 (1) a GDPR (consent)

3.11 SKiN GUiDE

Purpose / Information:

SKiN GUiDE provides you the opportunity to receive individual product recommendations based on images (especially selfies). This requires access to the (selfie) camera function.

SKiN GUiDE then analyzes your face using your selfie and determines for example the optical age, evenness and firmness of your skin. Additional questions can also be asked, which, depending on your answer, may also contain sensitive health data. These functionalities do not require registration. Optionally, you will receive the test result and other SKiN GUiDE recommendations by email once when you enter your e-mail address in the corresponding field. This means that you will not receive a regular newsletter.   

After an additional registration with our loyalty or SKiN GUiDE program, further functions are available. With the digital skin diary, the development of the skin can be tracked and individual care recommendations and care routines can be offered, also via email. In addition, the data of registered users supports the technology improvement..

Further information on the use of SKiN GUiDE can be found in the SKiN GUiDE FAQs.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform, hosting, analysts) in accordance with the purposes required (to carry out the analysis). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion:

The personal data of users who have not registered will be deleted after 24 hours at
the latest and not further processed.

If the email address for sending the test results is optionally provided, the data will be
automatically deleted after 24 months of inactivity at the latest.

The data of the registered users will be deleted after the deletion of the account. This
does not include data used for further research of the technology. These data are
separated from the profile and can therefore not be assigned to it anymore. These data
will be deleted after the end of research purpose.

Legal basis:

Art. 6 (1) a GDPR in conjunction with Art. 9 (2) a GDPR (consent)
Art. 6 (1) f GDPR in conjunction with Art. 9 (2) j GDPR (research privilege)  

3.12 Data Privacy Statement for applicants (recruitment)

For more information about the application process please go to our dedicated Data Privacy Statement for applicants (recruitment).