Privacy Policy

Protection of your Data is important to us!

For NIVEA not only the care and protection of your skin is important. We also attach great importance to the protection of your personal data. That's why we respect your privacy and want you to be able to trust us as much when it comes to data protection as when it comes to skin care. We always inform you transparently about what we need your data for and if and for how long we store it.

List of Content

1. General Information 
1.1. Processing of Personal Data 
1.2. Controller 
1.3. Rights of the Data Subject 
1.4. Recipients (general information)

2. Collection and Processing of Personal Data when visiting our Website 
2.1 Hosting
2.2 Login Functionalities
2.2.1 Centralised Login Profile
2.2.2 Social Login
2.3 eShop
2.4 Ratings and Reviews
2.5 Cookies/tools
2.5.1 Consentmanager CMP - Central cookie management platform
2.5.2 Matomo
2.5.3 Google Analytics
2.5.4 A/B Testing
2.5.5 Google Ads (formerly Google Adwords)
2.5.6 Google Analytics Advertising Features
2.5.7 Google Campaign Manager
2.5.8 Adform
2.5.9 (Website) Facebook Custom Audiences / Conversion ("Facebook Pixel")
2.5.10 Commerce Connector
2.5.11 Where to buy (Swaven)
2.5.12 Data Management Platform (Salesforce Audience Studio/Krux)
2.5.13 Pinterest Pixel
2.5.14 Salesforce/Evergage
2.5.15 Floodlight activities DV360
2.5.16 Social Plug-Ins
2.5.17 Youtube-Videos
2.5.18 Google Tag Manager
2.5.19 Google Maps
2.5.20 Loyjoy Chat
2.5.21 Live Chat (Userlike)
2.5.22 Augmented Reality campaigns (Zappar)
2.5.23 User generated social media content (via squarelovin)
2.5.24 Hotjar
2.5.25 Google reCaptcha
2.5.26 Friendly Captcha
2.5.27 Contentsquare
2.5.28 LinkedIn Insight Tag

3. Further services offered (on- and offline)
3.1 Contacting/Communication/Collaboration
3.2 Newsletter
3.3 Campaigns (Sweepstakes, Surveys, Product Tests)
3.4 Loyalty Program / NIVEA FOR ME
3.5 Postal Mailings
3.6 Surveys
3.7 SKiN GUiDE
3.8 Data Privacy Statement for applicants (recruitment)

4. Objection or Withdrawal of your consent to the Processing of Personal Data


General Information

The purpose of this privacy policy is to provide you with information concerning the processing of personal data when using our website and related services. This privacy policy applies to all websites or services that refer to this privacy policy. 

 

1.1. Processing of Personal Data

Personal data within the meaning of Art. 4 of the EU General Data Protection Regulation (GDPR) are all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc.

 

1.2. Controller

Responsible for the processing of personal data within the meaning of Art. 4 (7) GDPR is: Beiersdorf AG, Unnastraße 48, 20245 Hamburg [Dataprotection[at]Beiersdorf.com] (see our imprint).

Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or via the postal address of the controller for the attention of the “data protection officer”.

Specific data processing activities might occur under the responsibility of other controllers. It is indicated in the respective description of those activities below, where this is the case. 

 

1.3. Rights of the Data Subject

As data subject affected by the data processing activity, you have the following rights with regard to your personal data in accordance with the legal provisions: 

  • Right of access;
  • Right to rectification and to erasure;
  • Right to restriction of processing;
  • Right to data portability; and 
  • Right to object. 

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

When we handle a request to exercise one of the above-mentioned rights, we may ask you for proof of your identity. For more information on how we process your data, see section 3.1.

 

1.4. Recipients (general information)

In addition to the recipients listed in the recipients paragraph of each section below, we transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors in accordance with the purposes required. We also forward the data to the following recipients:

  • Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en
  • Analytical service providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en
  • IT support service providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here:  https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en
  • Authorities: In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies acc. to: Art. 6 (1) c GDPR (legal obligation).

Further information can be found within the recipients paragraph of each section.


2. Collection & Processing of Personal Data when visiting our Website

When visiting and using our website we already collect personal data. You can find within this section more information about website specific processes and tools especially from external partners. Further information about processes which can also occur in an offline context can be found in section 3.

2.1 Hosting

Purpose/Information:

When visiting and using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.

Used Cookies/Tools: Type A. More information can be found in “Cookies/Tools”.

Recipients:

  • Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en
  • Service Provider for IT-Support will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

Further recipients can be found in the general recipients section 1.4.

Deletion:
The deletion of the log files takes place after 7 days.

Legal basis:
Art. 6 (1) f GDPR (legitimate interest)

2.2 Login Functionalities

This website might provide different login functionalities as described below. 

2.2.1 Centralised Login Profile 

Purpose/Information:

This website might provide you with a centralised login profile, if this feature is activated on this website and includes a separate consent during the registration process: When registering, Beiersdorf AG provides you with the opportunity to create an account with a password (login profile). This login profile will be created within the centralised brand login profile database and shall verify that you are the valid owner of the account and/or email address. This login database is in general only connected to the service you are registering to and handles only the verification part of your login profile. The login profile will therefore be forwarded to the respective local Beiersdorf company you are demanding the service for.

If you additionally request further services from another Beiersdorf company (e.g. registering a login profile for another country site), your login profile incl. password can optionally be reused for the requested service within this brand.

Used Cookies: Type A. More information can be found in the “Cookies/Tools” section 2.5.

Controller:

Responsible for the centralised profile is Beiersdorf AG, Unnastr. 48, 20253 Hamburg, Germany.

Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or under the postal address of the controller for the attention of the “data protection officer”. 

Recipients:

Platform/Hosting provider. Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion / Withdrawal:

Your login profile will be automatically deleted as soon as you have deleted your local brand account on the registered website, unless this conflicts with legal storage obligations or statutes of limitations. In cases where you are registered with this login profile to more than one local brand account, your login profile will be deleted when all your local brand accounts are deleted. An automatic deletion of local brand accounts generally takes place after 24 months of inactivity.

In case you only created this login profile without registering to a local brand account, this login profile will be automatically deleted within one day. 

Legal basis:
Art. 6 (1) a GDPR (consent; centralised login profile)

2.2.2 Social Login

Purpose/Information:

To register and log in to your account, you also have the option of authenticating yourself with your existing profile on one of the following social networks, Facebook, Twitter, Apple or Google, and finally registering or logging in.

For this purpose, you will find on the registration page or login page the corresponding symbols of the respective social networks supported by our website. Before a connection to the social networks is established, you must expressly agree to the process and transmission of data described below:

By clicking on the respective symbol, a new pop-up window opens, in which you must log in with your login data for the social network. After you have successfully logged in, the social network provider will inform you, which data will be transmitted to us for authentication as part of the registration or login process. If you have agreed to this data transfer, the fields required by us for registration will be filled with the transmitted data. The information we require for registration or login is your email address.

Only after your express consent to the use of the transmitted and required data, your data will be stored by us and used for the purposes as stated within this Privacy Policy. There is no link beyond the authentication process between your account created with us and your account on the corresponding social network.

In order to perform the authentication process for registration and login, your IP address is transmitted to the respective social network provider. We have no influence on the purpose and scope of data collection and on the further processing of the data by the respective social network providers. 

Controller:

In case this feature is provided within the centralised login profile functionality: Responsible for this social login feature is Beiersdorf AG, Unnastr. 48, 20253 Hamburg, Germany.  

Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or under the postal address of the controller for the attention of the “data protection officer”. For all other cases the controller is named under clause 1.2 above.

Recipients/Sources:

Main service providers:

  • Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland
  • Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
  • Apple Inc., Infinite Loop, Cupertino, CA 95014, USA
  • Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion:

The deletion is in the responsibility of the main service providers.

Legal basis:

Art. 6 (1) a GDPR (consent)

2.3 eShop

Purpose/Information:

In the case this website provides a dedicated eShop, the following applies: If you would like to order products in our eShop, it is required for the conclusion of the contract that you enter your personal data, which we need for the completion and execution of your order. We process the data provided by you only to process and execute your order.

In addition, you can voluntarily register so we can store your data for future purchases. When you create such an account on the website, the data you have provided will be stored revocably. All other data, including your user account, can always be deleted in the customer area.

We may also process the information you provide with your purchase in our web shop to send you interesting product information based on the products you have purchased in our eShop. We therefore send you information by email in context with your purchase. This is a special form of direct marketing, based on our legitimate interest in strengthening consumer loyalty by suggesting appropriate and interesting product information. Besides that, we may also send you technical or other factual information in context with your purchase. You can object at any time to receiving such information by following the requirements as described in Section 4.

The provision of your personal data is required for the performance of the contract or a situation similar to a contract. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service.

Cookie/Tools: Type A. More information can be found in the “Cookies/Tools” section 2.5.

Controller:

If you purchase products in the eShop from Beiersdorf NV, De Passage 126-136, 1101 AX Amsterdam, Netherlands that company will be responsible for the processing of personal data as your seller and can be reached by post or contact form in the eShop. For all other cases the controller is named under clause 1.2 above.

Recipients:

  • Platform/Hosting service provider
  • Payment service provider
  • Fulfilment service provider
  • Customer/Consumer service provider
  • Content management website provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion:

If no other legal basis applies, we will delete your purchase data in accordance with retention periods under applicable commercial and tax laws.

Cookie lifetime: up to 2 years.

Maximum storage period of data: up to 14 months.

Legal basis:

Art. 6 (1) b GDPR (when processing in the context of a contract or a situation similar to a contract)

Art. 6 (1) f GDPR (when processing according to the legitimate interest described above)

2.4 Ratings and Reviews

Purpose/Information:

Users might have the possibility to submit ratings and reviews of products, processes or other evaluations within the scope of the website's offers in accordance with the conditions of use. We will therefore collect the data that you have provided to us when you submit content via a rating and review.

In the case this website demands a specific consent for sensitive data we will also process sensitive information (e.g. via pictures or content description) about your health or data revealing racial or ethnic origin especially within reviews for products suitable for skin concerns.

It is our legitimate interest that users can give their free opinion about products and that those reviews can appear on third party websites in a pseudonymised manner.

We use the data you provide in order to publish and maintain your review and rating on our website in accordance with our conditions of use. Your review will be published with your nickname/pseudonym. The review might be checked before publication. We reserve the right to delete comments if they are objected to as unlawful by third parties. More information can be found in our conditions of use.

We also use your provided data within our legitimate interest to ensure that your review is not based on fraudulent behaviour, automatic programs or bots. It is therefore possible that you will receive a verification email to validate your email address, unless you have logged in via a user account.

Cookie/Tools: Type A. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:

  • Platform/Hosting service provider
  • Consumer service provider
  • Fraud prevention service provider (for publication on a third-party website).
  • Third party websites

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion / Objection:

The personal data of the users will be deleted or anonymised after the deletion of the user account or after a specific request. The personal data of the users who have only received a verification email or do not have a user account will be deleted or anonymised after the corresponding deletion request. The published reviews will usually remain visible under the published nickname/pseudonym unless you request a deletion separately.

Legal basis:

Art. 6 (1) a GDPR in conjunction with Art. 9 (2) a GDPR (consent)

Art. 6 (1) f GDPR (legitimate interest)

2.5 Cookies/Tools

This website uses cookies or other technologies/tools like pixels, local storage, tags, IDs or external services (hereinafter referred to as “Cookies/Tools”) when you visit and use our website. Cookies are small text files that are stored by your browser on your device to save certain information or image files, such as pixels. The next time you visit our website on the same device, the information saved in the cookies will subsequently be transmitted either to our website (“First Party Cookie”) or to another website to which the cookie belongs (“Third Party Cookie”).

Through the information saved and returned, the respective website can recognise that you have already accessed and visited it with the browser you use on that device. We use this information to be able to design and display the website in an optimum way in line with your preferences. In that respect, only the cookie itself is identified on your device. Beyond this extent, your personal data will only be saved upon your express consent or if it is strictly necessary to be able to use the service offered to and accessed by you accordingly.

This website uses the following types of cookies/tools, the scope and functionality of which are explained below:

  • Type A: Technical/Audience Measurement – to ensure that the demanded service can be provided including basic analysis. (No consent necessary acc. to ePrivacy Directive 2002/58 EC).
  • Type B: Functional and Performance – Additional tools to measure the performance/attractiveness of our website and to provide further additional (personalised) functionalities.
  • Type C: Marketing – Cross websites tools for marketing profiling based on user behaviour.

You can find more information in the description of the tools implemented on our websites in this privacy policy. In case this website is using a consent management platform, you can additionally find further information there.

Please note that the tools listed in the following subsection might not be constantly in use.

2.5.1 Consentmanager CMP – Central cookie management platform

Purpose/Information:
This website is using the consent management tool “Consentmanager” (www.consentmanager.net) to obtain consent for data processing and use of cookies or comparable functions. With the help of "consentmanager" you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalised advertising. With the help of “Consentmanager” you can grant or reject your consent for all or individual purposes or functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned functions and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from your end device, such as the IP address, are processed.

By processing the data, consentmanager helps us to fulfil our legal obligations (e.g. obligation to provide evidence). Our interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. "Consentmanager" stores your data as long as your user settings are active.

Cookies/Tools: Type A. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:

Main service provider is Consentmanager AB, Håltegelvägen 1b, 72348 Västerås Sweden.

Further recipients can be found in the general recipients section 1.4.

Deletion:

The data will be deleted after 13 months. The choice you have made (consent/setting) will be stored for one year and can be viewed here.

You can always delete your choice by deleting the cookies within your browser.

 

Legal basis:

Art. 6 (1) b GDPR (situation similar to a contract)

Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation)

 

2.5.2 Matomo

Purpose/Information:
This site uses Matomo to analyse and regularly improve the usage of our website. It helps us to ensure that the website operates correctly especially by checking the functionalities of the website (e.g. to detect website navigation problems or to ensure enough server capacities). The statistics obtained also allow us to improve our website and make it more interesting for you as a user. Your IP-address will be automatically anonymised.

Cookies/Tools: Type A. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:
Platform/hosting provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
The collected personal data will be deleted after 1 day. Your IP-address will be anonymised immediately. You can deactivate this tool via the cookie settings here 
 
Legal basis:
Art. 6 (f) (legitimate interest ensuring the website operation and statistical usage)
 

2.5.3 Google Analytics

Purpose/Information:

This website uses Google Analytics, a web analysis service of Google Ireland Ltd. (“Google”). The configuration of Google Analytics has been modified by us to the measurement only function, unless separate consent for further advertising features has been given.

Google Analytics uses a specific form of cookie, which is stored on your computer and enables an analysis of your use of our website. The cookies set by Google Analytics for measurement are first party cookies, which means that data subjects’ cookie values will be different for each customer (i.e. there is not a single Google Analytics cookie ID that is used on all sites using Google Analytics). The information about your use of this website generated by the cookie is generally transmitted to a Google server in the USA and stored there. 

We would like to point out that Google Analytics has been expanded on this website to include the code “gat._anonymizeIp();” to ensure the anonymised recording of IP addresses (so-called IP masking). Due to the IP anonymization on this website, your IP address is shortened by Google within the territory of the EU and the Treaty States of the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

Google uses this information on our behalf to analyse your use of this website in order to compile reports on website activities and provide additional services related to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. 

 

In the configuration of Google Analytics, we ensured that Google receives this data as a processor and is therefore not allowed to use this data for its own purposes. The "Google Analytics Advertising Features" configuration is independent from this and is described in the appropriate section below, provided it is also used on this website. 

Cookies/Tools: Type B. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics Terms of Service: https://www.google.com/analytics/terms/gb.html, General overview on Google Analytics security and privacy principles: https://support.google.com/analytics/answer/6004245?hl=en, as well as Google’s privacy policy: https://policies.google.com/privacy?hl=en. 

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

Further recipients can be found in the general recipients section 1.4.

Deletion/Withdrawal:
You can deactivate this tool via the Cookie Settings here.

Cookie lifetime: up to 12 months (this applies only to cookies which have been set by this website)

Maximum storage period of data: up to 26 months.

Legal basis: Art. 6 (1) f GDPR (legitimate interest) 

2.5.4 A/B Testing

Purpose/Information:

This website also carries out analyses of user behavior via a so-called A/B testing. We can show you our websites with slightly varied content, depending on your profile assignment. This enables us to analyze and regularly improve our services and make them more interesting for you as a user.

Cookies are stored on your computer for these analyses. The information collected in this way is stored exclusively on a server in the EU. You can prevent the storage of cookies by making the proper setting using your browser software.

Before the analyses are carried out, the IP addresses are further processed in abbreviated form, so that direct personal contact can be ruled out. The IP address transmitted by your browser is not merged with other data collected by us.

Used Cookies: Type B. For further information, see Cookie Section.

Recipients:

The data is accessible by our analytical service providers based in the EU.

Deletion/objection:

You can deactivate this tool via the Cookie Settings here.

Cookie lifetime: up to 2 years (this applies only for cookies which have been set by this website).

Maximum storage period of data: up to 25 months. You can deactivate this tool within the cookie settings here

Legal basis: Art. 6 (1) f GDPR (Consent)

2.5.5 Google Ads (formerly Google Adwords)

Purpose/Information:
Google Ads Conversion

We use the services of Google Ads to draw attention to our attractive offers with the help of advertisements (so-called Google Ads) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

The advertisements are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads stores a cookie on your device. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies enable Google to recognise your Internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their device has not expired, Google and the customer can recognise that the user has clicked on the ad and has been redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Ads customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognise which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our knowledge: through the integration of Ads conversion, Google receives the information that you have accessed the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.

Google Ads Remarketing

We use the remarketing function within the Google Ads service. The remarketing function allows us to present to users of our website advertisements based on their interests on other websites within the Google advertising network (in Google search or on YouTube, so-called "Google ads" or on other websites). For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users even after visiting our website on other pages. To do this, Google stores cookies in the browsers of users who visit certain Google services or websites in the Google Display Network. This cookie is used to record the visits of these users. The number is used to uniquely identify a web browser on a particular device. 
Cookies/Tools: Type C.

More information can be found in the “Cookies/Tools” section 2.5

Recipients: 
Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. 
 
Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:

You can deactivate this tool via the Cookie Settings here

Cookie lifetime: up to 180 days (this applies only for cookies which have been set by this website).

Legal basis: 
Art. 6 (1) a GDPR (consent)

2.5.6 Google Analytics Advertising Features

This website also uses the extended functions of Google Analytics (Google Analytics Advertising Features) in addition to the standard functions. The Google Analytics Advertising Features implemented on this website include:

  • Google Display Network Impression Reporting
  • Google Analytics Demographics and Interest Reporting
  • Remarketing Audiences based on specific behaviour, demographic, and interest data, sharing those lists with Google Ads
  • Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers

We therefore use first-party cookies (e.g. Google Analytics cookies) and Google advertising cookies and identifiers together in order to optimise our website.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section 2.5

Recipients:
Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. 

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion/Withdrawal:

You can deactivate this tool via the Cookie Settings here

Cookie lifetime: up to 12 months (this applies only for cookies which have been set by this website).

Legal basis:

Art. 6 (1) a GDPR (consent)

2.5.7 Google Campaign Manager

Purpose/Information:
This website also uses the online marketing tool Campaign Manager by Google. Campaign Manager uses cookies to display ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. In addition, Campaign Manager may use cookie IDs to collect so-called conversions related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and buys something there.

Your browser automatically establishes a direct connection to the Google server when you visit our website. We have no influence on the extent and the further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating Campaign Manager, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.

In addition to that, Campaign Manager cookies (e.g. named as DoubleClick or Floodlight) allow us to understand whether you complete certain actions on our website(s) after viewing one of our display/video ads on Google or other platforms through Campaign Manager or clicking through one (conversion tracking). Campaign Manager uses this cookie to understand the content with which you have interacted on our website(s) in order to be able to send you targeted advertising later.

Used Cookies: Type C. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:

Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion/Withdrawal

You can deactivate this tool via the Cookie Settings here

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis:

Art. 6 (1) a GDPR (consent)

2.5.8 Adform

Information/purpose:

This website uses the online marketing tool Adform by Adform A/S Denmark. Adform uses tracking on our website via cookies and similar tracking technologies based on IDs (in short: “cookie”). The Adform cookie is placed on our website as soon as you have given your consent. An Adform cookie will also be placed if you view our advertisement placed on third-party websites via Adform and you have consented to cookies on that website.

The purpose is optimizing and personalizing advertising campaigns for Adform’s customers, including us. The Adform cookie collects the following data from us or our advertising material: cookie ID, device type / ID, time of clicking on the website or the advertising medium, the URL of the website or the advertising medium, information automatically sent by your device (including language setting, IP address, demographic data), interest data, and socio-demographic data associated with a cookie or other ID.

Cookie/Tools: Type C. More information can be found in the Cookie Section.

Recipients:

Main service provider: Adform A/S, Denmark.

Joint Controllership:

We and Adform are joint controllers of the collection of personal data and their disclosure to Adform by means of the Adform cookie. The agreement between the joint controllers lays down who is responsible for compliance with certain data protection duties and who is responsible for follow-up in relation to your data protection rights. Adform is responsible for responding to your queries and for your data protection rights (e.g. the duty to provide information, your right to object, etc.). To exercise your rights, you can contact Adform at the following link. You can also contact us about this. You can withdraw your cookie consent at any time and without giving reasons by contacting Adform or by deactivating the tools as stated below.

When Adform processes the data for its own purposes, Adform is the only data controller and solely responsible for its optimizing of advertising campaigns and target groups. Adform will analyse the data collected via cookies and IDs to be able to deliver targeted advertising purchases on behalf of Adform’s customers (including us), as detailed in Adform’s Privacy Policy. Click here for additional information on Adform’s processing, including when Adform will delete your data.

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:

You can deactivate this tool via the Cookie Settings here

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Maximum storage period of data: up to 13 months.

Legal basis: Art. 6 (1) a GDPR (consent) 

2.5.9 (Website) Facebook Custom Audiences / Conversion (“Facebook Pixel”)

Information/purpose:

This website uses the so-called "Facebook Pixel" and the Conversions API of the social network "Facebook" by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the following purposes:

  • Facebook (website) Custom Audiences
    We use the Facebook pixel for remarketing purposes to be able to contact you again within 180 days. This allows us to display interest-based advertisements ("Facebook Ads") to users of the website when they visit the social network "Facebook" or other websites also using this tool. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you.

  • Facebook conversion
    We also use the Facebook Pixel to ensure that our Facebook Ads match the potential interest of users and are not annoying. With the help of the Facebook Pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server as soon as you have agreed to the use of cookies requiring your consent. Through the integration of the Facebook pixel, Facebook receives the information that you have called up the corresponding website of our internet presence or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account.

The processing of this data by Facebook takes place within the framework of Facebook's data policy. Special information and details about the Facebook pixel and its functionality can also be found in the Facebook help area.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section.

Recipients:

Joint Controller:
We are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook) for the collection and transfer of data in this process. This applies to the following purposes:

  • The creation of individualized or suitable ads, as well as for their optimization
  • Delivery of commercial and transaction-related messages (e.g. via Messenger)

The following processes are therefore not covered by joint controllership:

  • The process that takes place after the collection and transmission is within the sole responsibility of Facebook.
  • The preparation of reports and analyses in aggregated and anonymized form is carried out as a Processor and is therefore within our responsibility.

We have concluded a corresponding agreement with Meta for joint controllership, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This agreement defines the respective responsibilities for fulfilling the obligation under the GDPR with regard to joint controllership.

The contact details of the Controller and the data protection officer of Meta can be found here: https://www.facebook.com/about/privacy.

We have agreed with Meta that Meta can be used as a contact point for the exercise of data subject rights (see Section 1.3). Without prejudice to this, the jurisdiction of the Rights of Data Subjects is not limited.

Further information on how Meta processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy. We transfer the data within the scope of joint controllership based on the legitimate interest pursuant to Art. 6 (1) f GDPR.

Information on the data security conditions can be found here: https://www.facebook.com/legal/terms/data_security_terms. Information on processing on the basis of standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:

You can deactivate this tool via the Cookie Settings here and for logged in users at https://www.facebook.com/settings/?tab=ads#

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis: Art. 6 (1) a GDPR (consent) 

 

2.5.10 Commerce Connector

Purpose/Information:

On our website, we provide you with a list of different online retailers where you can buy our products. If you click on a link to one of the retailers, you will be forwarded to the product detail webpage of the selected retailer, and our partner, Commerce Connector GmbH, will store a cookie on your device for a period of 7 days. If you make a purchase at the selected retailer within this period, Commerce Connector receives general information about your purchase once you have finalised the purchase and reached the order confirmation page.

For this reason, Commerce Connector receives a unique cookie number that is used to create anonymous sales statistics of our products purchased through the link. Commerce Connector provides us with these anonymous statistics.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:

Commerce Connector GmbH, Deckerstr. 41, 70372 Stuttgart, Germany.

Further recipients can be found in the general recipients section 1.4.

Deletion/Withdrawal:

You can deactivate this tool via the Cookie Settings here.

Cookie lifetime: 7 days (this applies only to cookies which have been set by this website)

Legal basis:

Art. 6 (1) a GDPR (consent)

2.5.11 Where to buy (Swaven)

Purpose/Information:

On our website, we provide you with a list of different online retailers, where you can buy our products (e.g. with a shopping cart symbol). For a better user experience and to show local stores, we use the geolocation of the visitor to personalise the service. We operate at city scale geolocation by partially analysing the anonymised IP address. A more precise geolocation can be used when the user has validated the function within the browser. The geolocation is used only during the session.

This tool uses features especially to ensure the security from external attacks via session cookies. It also gives analytical information to analyse the efficiency of the tool which is also our legitimate interest. A cross-website tracking does not occur, so we do not get the information if you have bought something in the selected store.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:
Swaven SAS, Paris, France.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. Further recipients can be found in the general recipients section 1.4.

Deletion:
The IP address for the geolocation is automatically anonymised. Cookie lifetime: Session (this applies only to cookies which have been set by this website)

Legal basis:
Art. 6 (1) f GDPR (legitimate interest)

2.5.12 Data Management Platform (Salesforce Audience Studio/Krux)

Information/Purpose:

This website uses a tool to centralize the website visitors within one platform in order to segment the users for campaigns and to receive insights about the performance of a campaign. The differentiation of visitors is based on unique ID (cookies or local storage). The tool also provides the possibility that individual product/marketing information on third party websites can be published based on the visit on our website. The data may include information about how the user came to the website and how users interact with it. Browsers automatically also send certain standard information to every website a user visits, such as an IP address, browser type and language settings, access times, and referring website addresses. Additionally, the tool provides the possibility to connect the website visitor data (also cross-device) to our registered users once they are logged in and the user has consented to it.

Further information can be found here: https://www.salesforce.com/products/marketing-cloud/sfmc/audience-studio-privacy/

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:

Main service provider: salesforce.com Germany GmbH, Germany

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at the main service provider. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion/Withdrawal:

The personal data this tool collects gets deleted within 6 months of inactivity. The consent can be withdrawn with effect for the future within the cookie settings (click here). In the case of registered users and with the respective consent, the data may be linked to their consumer profile. The deletion rules for the consumer profile then apply accordingly (e.g. loyalty program).

Cookie lifetime: up to 6 months (this applies only to cookies which have been set by this website)

Legal basis: Art. 6 (1) a GDPR (consent)

2.5.13 Pinterest Pixel

Purpose/Information:

This website uses the Pinterest pixel of the social network "Pinterest" for remarketing purposes in order to be able to address you " or other websites also using the method.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Pinterest server as soon as you have agreed to the use of cookies requiring consent. Through the integration of the Pinterest pixel, Pinterest receives the information that you have called up the corresponding web page of our website or clicked on an ad of ours. If you are registered with Pinterest, Pinterest can assign the visit to your account.

In addition to the IP address and the marketing identifier, Pinterest also receives information about the end device used, the website visited and the time and can assign this data to your Pinterest account. Pinterest processes this data on its own responsibility. We have no influence on the data collection and further processing by Pinterest.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:

Main service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4

Deletion/Withdrawal:

You can deactivate this tool via the Cookie Settings here.

Cookie lifetime: up to 180 days after the last interaction (this only applies to cookies set via this website).

Legal basis:

Art. 6 (1) a GDPR (consent)

 

2.5.14 Salesforce/Evergage

Purpose/Information:

This website uses the Evergage (Salesforce Interaction Studio) tool for personalization. It allows us to display personalised content based on website actions (e.g. click, viewing time, entering a search term) and to better understand the needs of our website visitors. For example, we are then able to show you products that you might like or, as a loyalty program user, send you a message by email if you have forgotten products in your shopping cart.   

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:

Main service provider: salesforce.com Germany GmbH, Germany.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at the main service provider. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Withdrawal/Deletion: 

You can deactivate this tool via the Cookie Settings here

If the data is merged with your profile, the data will be deleted accordingly when you delete your loyalty program profile.

Cookie lifetime: up to 180 days (this only applies to cookies set via this website).

Storage period: 2 years (this only applies to the data collected from the cookies). 

Legal basis:  

Art. 6 (1) a GDPR (consent) 

2.5.15 Floodlight Activities/DV360

Purpose/Information:

This website uses DV360's Floodlight Tag to measure the effectiveness of our advertising campaigns, to limit the frequency with which you are shown a particular ad, and to display only ads that are relevant to you and your interests. In particular, information about the ads you click on, as well as your previous user behaviour on third party websites, is collected and stored. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Google can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Google ad and later calls up our website with the same browser and buys something there. The cookies do not contain any personal information such as email addresses, names or addresses.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. Through the integration of the floodlight tag, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. 

In addition, the Floodlight Tags used allow us to understand whether you perform certain actions on our website after you have called up one of our display/video ads on another platform or clicked on it (conversion tracking). Google uses this cookie to understand the content you have interacted with on our websites in order to later send you targeted advertising.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:

Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:

You can deactivate this tool via the Cookie Settings here

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis:

Art. 6 (1) a GDPR (consent)

2.5.16 Social Plug-ins

Purpose/Information

Social plug-ins (“plug-ins”) of social networks are used on our websites, in particular the “Share” or “Share with friends” button of Facebook, whose website facebook.com is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, is responsible for Facebook.com in Europe. The plug-ins are usually marked with a Facebook logo. 

Besides Facebook, we use plug-ins from Twitter (Provider: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103) and Pinterest (Provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland).

For data protection reasons, we have deliberately decided against utilising direct plug-ins of social networks on our websites. Instead, we use the “Shariff” solution. With the aid of Shariff, we can determine for ourselves when and whether data is transmitted to the operator of the respective social network. For this reason, there is no automatic data transmission to social networks such as Facebook, Twitter or Pinterest once you access our website. Data will be transmitted to social networks only if you actively click on the respective social network button. In this case, your web browser starts a connection to the respective social network's servers. By clicking on the respective button (e.g. “Pass on”, “Share” or “Share with friends”) you agree that your browser will produce a link to the respective social network's servers and transmit usage data to the respective operator of the social network and vice versa. We have no influence upon the nature and extent of the data that is then gathered by the social networks.

The social network providers store the data collected about you as user profiles and use these for the purposes of advertising, market research and/or demand-oriented design of their websites. Such an evaluation takes place in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles; to exercise this right, you must contact the respective plug-in providers. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

Recipients:
Main service providers:

  • Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland
  • Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
  • Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion:
The deletion is in the responsibility of the main service providers.

Legal basis: 
Art. 6 (1) a GDPR (consent)

2.5.17 YouTube Videos

Purpose/Information:
We have integrated YouTube videos into our website, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transmitted to YouTube if you do not click on the videos to start playing them. Only when you play the videos will the data referred to in the next paragraph be transferred to YouTube. We have no influence on this data transfer.

By playing the videos YouTube receives the information that you have accessed the corresponding subpage of our website and might place further tools for marketing purposes. If you are logged in to Google, your information will be directly associated with your account.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:
Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. 

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
The deletion is in the responsibility of the main service providers.
You can deactivate this tool via the Cookie Settings here

Legal basis: 
Art. 6 (1) a GDPR (consent)

2.5.18 Google Tag Manager

Purpose/Information:
This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data are stored. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.
Cookie/Tools: Type A. More information can be found in the “Cookies/Tools” section 2.5

Recipients:
Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. 
Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion:
The Google Tag Manager does not store any personal data.

Legal basis: 
Art. 6 (1) f GDPR (legitimate interest)

2.5.19 Google Maps 

Purpose/Information:
This website uses the service Google Maps to display map material and/or show directions (e.g. in our pharmacy finder). When you use the service, information about your use of this website and your IP address is transmitted to a Google server in the USA. This takes place regardless of whether you have a Google account through which you are logged in or whether no user account exists. Google might also place further tools for marketing purposes. If you are logged in with a Google account, your data will be linked directly to your account.

Further information on the purpose and scope of data collection and its processing by Google can be found at https://www.google.com/policies/privacy/.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:
Main service provider: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. 
Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
Deletion is the responsibility of the main service providers. You can deactivate this tool via the Cookie Settings.

Legal basis: 
Art. 6 (1) a GDPR (consent)

2.5.20 Loyjoy Chat

Purpose/Information:
This website provides a feature that lets you enter into a personalised dialogue with us. In our chat you can ask questions or, via the chatbot, participate in surveys or sweepstakes, order the newsletter or become part of the loyalty program. We therefore collect various communication/interaction data as provided by you. This also gives us the possibility to analyse the data and to evaluate it for statistical purposes.

Cookie/Tools: Type B. More information can be found in the “Cookies/Tools” section 2.5

Recipients:

Main service provider: Loyjoy GmbH, Muenster, Germany. Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion/Withdrawal:
The chat dialogs within the chatbot will be automatically deleted after 365 days. The user has the possibility to delete the data earlier within the chatbot menu and to use further privacy rights. Depending on the selected purposes (sweepstakes, surveys, newsletter etc.), the data retention periods mentioned in the corresponding context apply (see below).

If there is a live chat with an agent, the chats are deleted after 7 days. Depending on the inquiry the chats might be used to fulfil your request as described under section 3.1 (contacting/communication/collaboration). In those cases the deletion period applies accordingly.

You can deactivate this tool via the Cookie Settings.

Cookie lifetime: up to 24 months (this applies only to cookies which have been set by this website)

Legal basis: 
Art. 6 (1) a GDPR (consent)

2.5.21 Live Chat (Userlike)

Purpose/Information:
This website uses Userlike's live chat software. Userlike uses cookies to keep the chat content available while surfing the website and to connect you to the same operator if possible when chatting again. If a user's message is to be translated into the language of the operator during the chat and the operator's message into the language of the end user, this translation can be achieved by using machine translation software. The data collected is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym, unless personal data is provided voluntarily during the use of the live chat.

The provision of your personal data is required for the performance of the contract or a situation similar to a contract. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service.

Cookies/Tools: Type A. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:

  • Main service provider: Userlike UG (haftungsbeschränkt), Germany.
  • Translation service provider
  • Consumer service provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4

Deletion:
Your data will be deleted 60 days after you have last used the live chat, unless this is contrary to legal retention obligations or statute of limitations.

Cookie lifetime: up to 365 days.

Legal basis:
Art. 6 (1) b GDPR (situation similar to a contract)


2.5.22 Augmented Reality campaigns (Zappar)

Purpose/Information:
This website provides augmented reality (AR) features. It will therefore require access to your device camera to function as intended. The pictures or videos from your device will not be collected or stored.

This website creates statistics to measure the performance and functionality of the augmented reality campaigns. A unique user profile will not be created.

For more detailed statistics and to route you to your local website, we will determine your location from your IP address. Your IP address will be discarded as soon as possible and not stored within the statistics.

The provision of your personal data is required for the performance of the contract or a situation similar to a contract. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service.

Cookie/Tools: Type A. More information can be found in the “Cookies/Tools” section 2.5

Recipients: 
Main service provider: Zappar Ltd, The Barley Mow Centre, 10 Barley Mow Passage, London W4 4PH, UK (SC394617). Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion / Objection:
The pictures or videos from your device will not be collected or stored. To determine the location we will use the IP address, which will afterwards be discarded and not stored within the statistics. Deletion generally takes place within seconds but can, under certain conditions, take up to 24 hours.

Legal basis:  
Art. 6 (1) b GDPR (situation similar to a contract - for providing the AR feature)
Art. 6 (1) f GDPR (legitimate interest as described above)

2.5.23 User generated social media content (via squarelovin)

Purpose/Information:

This website provides a feature that shows content provided by social media users after their approval. The content you see within the tool is based on functional cookies (e.g. language, last stream loaded and seen) and is for your convenience. We also use the data for analytics and statistics. Further information can be found at: https://squarelovin.com/privacy

Cookie/Tools: Type B. More information can be found in the “Cookies/Tools” section 2.5

Recipients: 
Main service provider: Anchor Media GmbH, Germany. Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion:
You can deactivate this tool via the Cookie Settings.

Cookie lifetime: up to 12 months (this applies only to cookies which have been set by this website)

Legal basis:  
Art. 6 (1) a GDPR (consent)

2.5.24 Hotjar

Information/ Purpose:
We use Hotjar in order to better understand our users' needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don't like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users' behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Recordings from Hotjar cannot record your personal data such as account log ins or payment details as text is suppressed.

Hotjar stores this information on our behalf in a pseudonymized user profile. It uses cookies to recreate a session, and Hotjar is contractually prohibited from selling the data collected on our behalf.

Cookie/Tools: Type B. More information can be found in the “Cookies/Tools” section 2.5

Recipients:
Main service provider: Hotjar Ltd, Malta

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion/ Withdrawal:
We temporarily store IP addresses of visitors to our Website for associated performance metrics (i.e. data related to how well our Software performs on Our Site) and to monitor and track application errors. We will never access these IP addresses without any operational or security need. We automatically delete these IP addresses within thirty (30) calendar days. 

Recordings from Hotjar are deleted after each session. 

You can deactivate this tool via the Cookie Settings.

Cookie lifetime: up to 365 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis: 
Art. 6 (1) a GDPR (consent)

2.5.25 Google reCaptcha

Purpose/Information:
In specific cases, this website uses Google reCAPTCHA v2 to prevent the use of text fields by automated programs/bots. It helps to support the security of our website and to avoid spam for the users. This is also our legitimate interest and fulfils our legal obligation.

The collected data are hardware and software information, such as device and application data and the result of integrity checks. These data will be sent to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data will not be used by Google for personalised ads.

Further information can be found in their privacy policy: https://policies.google.com/privacy. Further documentation can be found here: https://developers.google.com/recaptcha/ and https://www.google.com/recaptcha/admin/create

Cookie/Tools: Type A. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:

Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion:
Cookie lifetime: up to 24 months (this applies only to cookies which have been set by this website)

Legal basis:
Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation)
Art. 6 (1) f GDPR (when processing according to the legitimate interest described above)

2.5.26 Friendly Captcha

Purpose/Information:
In specific cases, this website uses Friendly Captcha to prevent the use of text fields by automated programs/bots. It helps to support the security of our website and to avoid spam for the users. This is also our legitimate interest and fulfils our legal obligation.

Further information: https://friendlycaptcha.com/legal/privacy-end-users/  

Cookie/Tools: Type A. More information can be found in the “Cookies/Tools” section 2.5

Recipients: 
Main service provider: Friendly Captcha GmbH, Germany.  
Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal: 
The IP address will be anonymised immediately after collection.

Legal basis:  
Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation) 
Art. 6 (1) f GDPR (when processing according to the legitimate interest described above) 

2.5.27 Contentsquare

Purpose/Information:
This website uses Contentsquare, a cookie-based web analysis service of Contentsquare GmbH (“Contentsquare”). Contentsquare processes user IP addresses for geolocation (city level), blacklisting unwanted visitors and troubleshooting. We use Contentsquare to analyse and regularly improve the usage of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. In addition, we gain information about the functionality of our site (for example to detect navigation problems).

Cookie/Tools: Type B. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:
Main service provider: Contentsquare GmbH, Germany. General overview on Contentsquare security and privacy principles: https://contentsquare.com/privacy-center/

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
You can deactivate this tool via the Cookie Settings.

Maximum storage period of IP address: 3 days.

Cookie lifetime: up to 13 months after last interaction (this applies only to cookies which have been set by this website)

Legal basis:
Art. 6 (1) a GDPR (consent)

 

2.5.28 LinkedIn Insight Tag

Purpose/Information:
We use the LinkedIn Insight Tag on this website. The LinkedIn Insight Tag collects metadata such as URL, IP address, timestamp, device and browser characteristics in order to produce insights and campaign reporting. We are not able to identify you through these reports. LinkedIn provides only reports and alerts (which do not identify you) about the website audience and ad performance. You can control the use of your personal data for advertising purposes through your LinkedIn account settings.

Further information:

https://www.linkedin.com/legal/privacy-policy

https://www.linkedin.com/legal/cookie-policy

https://www.linkedin.com/legal/l/cookie-table

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section 2.5.

Recipients:
Main service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Grand Canal Dock, Dublin, 2 Ireland

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
You can deactivate this tool via the Cookie Settings.

Cookie lifetime: up to 90 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis:
Art. 6 (1) a GDPR (consent)

 


3. Further Services Offered (on- and offline)

In addition to the online use of our website, we offer various other services, for which we process your personal data also in an offline context.

Contrary to 1.2, in some cases a Beiersdorf Company is Controller for the services offered below, which has already been named to you as part of the communication. If reference is therefore made to sections of this privacy policy, e.g. by link, and a Controller has already been named, e.g. in the footer/signature of an e-mail or campaign card, this person is the Controller in accordance with Art. 4 No. 7 GDPR.

3.1 Contacting/Communication/Collaboration

Purpose / Information:

When you communicate and/or collaborate with us, e.g. by email, via the contact form on our website or via a data exchange platform, whether as a consumer, test person, business partner or customer, the data you provide (your email address, if applicable your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to, e.g., answer your questions or requests, or for the purpose of business-related correspondence.

With regard to the cooperation with our suppliers, we have implemented an internal evaluation process which, in our legitimate interest, is intended to improve the business relationship by developing an "action plan". As a rule, we only process information about the company, but conclusions can be drawn about you as the contact person, if the communication with suppliers is examined with regard to response times, reliability and transparency.

We may ask you when you contact us by telephone as a consumer whether the telephone call may be recorded for quality assurance and training measures. If you agree to the recording, we will process all information that you share with us during the call (communication content, possibly also sensitive (health) data, as well as your phone number and other personal data).

When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request. 

The provision of your personal data is required for the performance of the contract or a situation similar to a contract. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service.

Controller:
If you purchase products in the eShop, Beiersdorf NV, De Passage 126-136, 1101 AX Amsterdam, Netherlands, is responsible for the data processing described in this clause. This also applies to any questions about your order that you might ask through the contact form provided in the eShop.

For all other cases of contacting/communication/collaboration, the controller is the one named under clause 1.2 above.

Recipients and sources:

In order to combat terrorism, we are obliged by law to carry out a comparison with sanctions lists. Therefore, we also process your data to meet legal requirements for comparison with these lists. Furthermore, we process your data in the Beiersdorf Group for the prevention and investigation of criminal offences and other misconduct, the assessment and control of risks, for internal communication and for corresponding administrative purposes. If an affiliated company reports a need to work with you as a supplier, we will share our experiences from working with you with the affiliated company.

If you are a business partner, we will compare your data against published lists of misleading suppliers (e.g. warning lists of World Intellectual Property Organization and Bundesanzeiger Verlag GmbH) to make an informed decision about potential payments. We also regularly check your creditworthiness in certain cases (e.g. when concluding contracts). Our legitimate interest is the minimization of the financial risk. For this purpose, we cooperate with credit agencies from which we receive the necessary data. For this purpose we transmit your name and your contact data to the credit agencies.

If you are a business customer or partner, it may be necessary to transfer your personal data to prospective buyers as part of a company transaction. In the course of due diligence, usually anonymised data is processed. However, it may be necessary in specific individual cases to process personal data. Our legitimate interest lies in the execution of the company transaction.

Additionally we transfer the data to the following recipients:

  • Customer/Consumer service providers
  • Platform/hosting provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion / Objection:

We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed.

In the case of consumer inquiries through our internal consumer management tool, the personal data will usually be deleted after one year, if no other legal retention periods apply. As an exception, the data will be kept longer if the data is necessary for the establishment, exercise or defence of legal claims.

Call recordings are stored for a maximum of 90 days. 

You can object to these processes according to the requirements under 4.

Legal basis:

Art. 6 (1) a GDPR in conjunction with Art. 9 (2) a GDPR (consent: telephone recording)
Art. 6 (1) b GDPR (when processing in the context of a contract or a situation similar to a contract) 
Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation)
Art. 6 (1) f GDPR (when processing according to the legitimate interest described above) 

3.2 Newsletter

Purpose / Information:

The newsletter contains news, offers and further information on the selected Beiersdorf brands. By subscribing to the newsletter, you will receive by email, in accordance with the consent you have given in each case, personalised information about the products and services, or suggestions for participation in promotions such as competitions or product tests.

With your registration for the newsletter you will receive a newsletter tailored to your needs (if the newsletter is "personalised", "individualised" or "customised"). We evaluate your purchase and click behaviour on our websites or within the newsletter in order to compile the information relevant to you. 

In case this website offers a loyalty program, this newsletter is part of the loyalty program.

Recipients:

  • Platform/hosting provider
  • Consumer service provider
  • External agencies for newsletter support

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion / Withdrawal: 
The collected data are automatically deleted after 24 months at the latest if you no longer respond to the newsletter, e.g. by opening it (inactivity). If you no longer wish to receive the newsletter, you can unsubscribe at any time. Click on the link contained in each newsletter and you will be guided through the unsubscribe process, or send us your withdrawal by email.

If your profile has not been verified during the so-called double opt-in process, your profile will be deleted after 6 months at the latest.

Legal basis: 
Art. 6 (1) a GDPR (consent)

3.3 Campaigns (e.g. Sweepstakes, Product Tests)

Purpose / Information:

When you participate in sweepstakes or similar campaigns, we use the personal information you provide to conduct the campaign. Further information on the purposes can be found in the respective terms and conditions of the campaign.

The provision of your personal data is required for the performance of the contract or a situation similar to a contract. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service.

Recipients:

  • Platform/hosting provider
  • Consumer service provider
  • Shipping service provider (e.g. for sending samples, prizes)
  • External agencies for support in campaigns

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion: 
Your data will be deleted after the final processing of the campaign (see terms and conditions of participation), unless this conflicts with statutory retention obligations or statutes of limitations. 

Legal basis: 
Art. 6 (1) b GDPR (situation similar to a contract)

3.4 Loyalty Program 

Purpose / Information:

The purpose of this program is a personalised experience for you as a member. When you register for our loyalty program (online or offline), you will receive exclusive and personalised content, like the newsletter, product samples or special offers, e.g. by email, post, SMS or online advertising on our own or third-party channels, such as social media (e.g. Facebook). For this purpose we use the contact information you provide (e.g. email address, postal address, telephone number) and any contact information linked to your social media profiles. This contact information will be matched in hashed form with the social media providers.

To provide you with a relevant individualised experience - i.e. at the right time, through the right channel, with the content relevant to you and with the right, personalised message - we link your data and enrich it with additional information, e.g. geodata and profile data from all contact points, including websites and social media channels.

For this purpose, we also evaluate your (previous) click, email opening, purchasing and surfing behaviour on our and other websites/apps, social media sites (e.g. in the context of ads placed) or within the newsletter in order to arrange the content relevant to you. This also includes the data from the eShop, if this website provides an eShop. We can also derive your activity status from this and automatically delete your account in case of inactivity (see below). In addition, we use this data to contact you individually, taking into account purchase transactions that have already been initiated or completed. We therefore create a user profile for the compilation of personalised content.

In addition, sensitive data such as health data (allergies or skin diseases) may be collected. However, we only process these if you have agreed to this.

Finally, we also use your information to analyse and improve the effectiveness of our services. Your details will therefore be stored and used for market analysis and product information purposes. This also includes information you provide in the context of campaigns/actions.

Recipients:

  • Platform/hosting provider
  • Consumer service provider
  • Shipping service provider (e.g. for sending samples)
  • External agencies for support in campaigns
  • Social media channels
  • Online marketing supplier, as described in section 2 under "Cookies/Tools"

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal/objection:
Your data will be deleted as soon as you have deleted your account/profile, unless this conflicts with legal storage obligations or statutes of limitations. In order to delete your data, please log into your account and use the corresponding deletion function or send us your withdrawal of data processing by email. You can also object to individual contact methods in your account/profile by deactivating the contact method. Alternatively, you can also request this via the contact form. We automatically delete your personal data at the latest after 24 months of inactivity.

If your profile has not been verified during the so-called double opt-in process, your profile will be deleted after 6 months at the latest.

Legal basis:
Art. 6 (1) f GDPR (legitimate interest: analysis and improvement of the effectiveness of our services and combination of the profile with data in our legitimate interest).
Art. 6 (1) a, Art. 9 (2) a GDPR (consent loyalty program) 

3.5 Postal mailings

Purpose / Information:

As a selected customer, business partner, test person and/or consumer, you will also receive individual product information, offers, news and product samples from us by post (letter). 

This is a special form of direct marketing, which is also our legitimate interest and intensifies loyalty by providing the above-mentioned persons exclusive information.

Recipients:

  • Platform/hosting provider
  • Consumer service provider
  • Shipping service provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion / Objection:

Your data will be deleted as soon as you have unsubscribed, unless this conflicts with legal storage obligations or statutes of limitations. You can unsubscribe or object to further postal mailings as stated within the letter or in the section on objection below. We also automatically delete your personal data after 24 months of inactivity at the latest (e.g. when you do not use the coupons sent to you).

Legal basis: Art. 6 (1) f GDPR (legitimate interest) 

3.6 Surveys

Purpose / Information:

When you participate in surveys or similar campaigns, we process the personal information for the purpose described in the consent. The collected data covers questions around the intended purpose of the survey or similar campaign, as well as additional socio-demographic information about you. You may participate without identifying yourself, unless this has been part of the consent.

For some surveys it is necessary to ensure technically that no double participation or resumption of the survey is possible. This can be done, for example, through the use of individualised links or cookies.

Cookies used: Type A. More information can be found in the “Cookies/Tools” section 2.5.  

Recipients:

  • Platform/hosting provider
  • Consumer management service provider 
  • External agencies for survey purpose 

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 

Further recipients can be found in the general recipients section 1.4.

Deletion:
Your data will be deleted after the final processing of the survey or similar campaign (see terms and conditions of participation), unless this conflicts with statutory retention obligations or statutes of limitations. Usually, data will be deleted after two years.

Cookie lifetime: up to 180 days (this applies only to cookies which have been set by this website)

Legal basis: Art. 6 (1) a GDPR (consent)

3.7 SKiN GUiDE

Purpose / Information:

SKiN GUiDE provides you with the opportunity to receive individual product recommendations based on images (especially selfies). This requires access to the (selfie) camera function.

SKiN GUiDE then analyses your face using your selfie and determines, for example, the optical age, evenness and firmness of your skin. Additional questions can also be asked, which, depending on your answer, may also contain sensitive health data. These functionalities do not require registration. Your selfie might reveal your ethnic origin. We are not using this data actively.

After an additional registration with our loyalty or SKiN GUiDE program, further functions are available. With the digital skin diary, the development of the skin can be tracked and individual care recommendations and care routines can be offered, also via email. 

Further information on the use of SKiN GUiDE can be found in the SKiN GUiDE FAQs.

Optionally, you can contribute to the improvement and research of the SKiN GUiDE functionality towards Beiersdorf AG, Germany, by consenting separately.

Controller: 
If you contribute optionally to the improvement and research for SKiN GUiDE, the Controller is Beiersdorf AG, Unnastr. 48, 20253 Hamburg, Germany. Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or under the postal address of the controller for the attention of the “data protection officer”.
For all other cases, the controller is named under clause 1.2 above.

Recipients:

  • Platform/hosting provider

Transfers to third countries are possible. As an appropriate safeguard, standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally, binding corporate rules were approved at a platform/hosting provider. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion:

The personal data of users who have not registered will be deleted after 24 hours at the latest and not further processed.

The data of registered users will be deleted after the deletion of the loyalty or SKiN GUiDE account. The data of users who have additionally consented to the improvement and research of the technology will be deleted after 2 years.

Legal basis:

Art. 6 (1) a GDPR in conjunction with Art. 9 (2) a GDPR (consent)

3.8 Data Privacy Statement for applicants (recruitment)

For more information about the application process please go to our dedicated Data Privacy Statement for applicants (recruitment) on our corporate Beiersdorf website.