Privacy Policy

Protection of your Data is important to us!

For NIVEA not only the care and protection of your skin is important. We also attach great importance to the protection of your personal data. That's why we respect your privacy and want you to be able to trust us as much when it comes to data protection as when it comes to skin care. We always inform you transparently about what we need your data for and if and for how long we store it.

List of Content

1. General Information 
1.1. Processing of Personal Data 
1.2. Controller 
1.3. Rights of the Data Subject 
1.4. Disclosure to Authority

2. Collection and Processing of Personal Data when visiting our Website 
2.1 Cookies
2.1.1 Technical cookies (Type A)
2.1.2 Functional and Performance Cookies (Type B)
2.1.3 Consent based Cookies (Type C)
2.1.4 Administration and deletion of all cookies
2.1.5 Consentmanager CMP – Central cookie management platform
2.2 Web Analytics
2.2.1 Google Analytics
2.3 Online Advertising
2.3.1 Google Ads (formerly Google Adwords)
2.3.1.1 Google Ads Conversion
2.3.1.2 Google Ads Remarketing
2.3.2 Google Analytics Advertising Features
2.3.3 Google Campaign Manager
2.3.4 Adform
2.3.5 (Website) Facebook Custom Audiences / Conversion (“Facebook Pixel”)
2.3.6 Commerce Connector
2.3.7 Where to buy (Swaven)
2.3.8 Data Management Platform (Salesforce Audience Studio/Krux)
2.3.9 LinkedIn Insight Tag
2.4 Google Tag Manager 
2.5 Captchas

3. Further services offered (on- and offline)
3.1 Contacting/Communication/Collaboration
3.2 Newsletter
3.3 Campaigns (Sweepstakes, Surveys, Product Tests)
3.4 Surveys

4. Objection or Withdrawal of your consent to the Processing of Personal Data


General Information

The purpose of this privacy policy is to provide you with information concerning the processing of personal data when using our website and related services. This privacy policy applies to all websites or services that refer to this privacy policy. 

 

1.1. Processing of Personal Data

Personal data within the meaning of Art. 4 of the EU General Data Protection Regulation (GDPR) are all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc.

 

1.2. Controller

Responsible for the processing of personal data within the meaning of Art. 4 (7) GDPR is: Beiersdorf AG, Unnastraße 48, 20245 Hamburg [Dataprotection[at]Beiersdorf.com] (see our imprint).

Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or via the postal address of the controller for the attention of the “data protection officer”.

Specific data processing activities might occur under the responsibility of other controllers. It is indicated in the respective description of those activities below, where this is the case.

 

1.3. Rights of the Data Subject

As data subject affected by the data processing activity, you have the following rights with regard to your personal data in accordance with the legal provisions: 

  • Right of access;
  • Right to rectification and to erasure;
  • Right to restriction of processing;
  • Right to data portability; and 
  • Right to object. 

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

When we work on your above-mentioned right, we may ask you for proof of your identity. For more information on how we process your data, see 3.1

 

1.4. Disclosure to Authority

In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies.

Legal basis: Art. 6 (1) c GDPR (legal obligation) 


2. Collection & Processing of Personal Data when visiting our Website

When visiting and using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data (such as log data) that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. hosting, content management system) in accordance with the purposes required (for displaying the website and setting up its content).

The deletion of the log files takes place after 7 days.

Legal basis: Art. 6 (1) f GDPR (legitimate interest)

 

Collection of Personal Data when downloading and using our App

When downloading our mobile app, all required information will be transferred to the App Store, in particular the user name, email address and customer number of your account, timestamp of download, payment information and the individual device code number. We have no influence on this data collection and are not responsible for it. We only process the data if it is necessary for downloading the mobile app to your mobile device.

When using the mobile app, we collect the personal data that enables convenient use of the functions. If you want to use our mobile app, we collect the data that is technically necessary for us to offer you the functions of our mobile app and to guarantee stability and security.

We also need your device identification, unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile device, email address.

We might transfer the collected data to the responsible internal departments and other affiliated companies of the Beiersdorf Group or to external service providers, processors (e.g. hosting, content management system) for processing in accordance with the required purposes (to display the app and to create the content).

The data you store locally on your mobile device when using the app is only stored until you delete the app on your mobile device. If you decide to delete the app, we will also ask you again whether you agree to the final deletion of all data linked to the app.

The data you provide us with will only be stored by us for as long as it is necessary for the fulfillment of the respective purpose, i.e. the performance of our studies for which you have provided us with your data, or for compliance with legal regulations.

Legal basis:

Art. 6 (1) b GDPR (situation similar to a contract)

Art. 6 (1) a GDPR (consent)

 

Access permissions to functions on your mobile device

The app accesses only those functions of your smartphone or tablet ("device") that are required for the described purposes.

Before accessing the respective functions, the following access rights are requested from you:

Access to the photo function of your device for taking photos for

Legal basis:

Art. 6 (1) b GDPR (situation similar to a contract)

Art. 6 (1) a GDPR (consent)

 

Changes to your personal settings

You can revoke or reassign the access authorizations granted to your mobile device at any time under your personal settings (to be found under “Data protection”). If you remove individual access rights from the app, the app can no longer be used.

Push Notifications

Information/Purpose:

If you have agreed to push messages, we will deliver push messages with reminders, attractive offers, promotions, news, and other information to your End Device. You will see these push messages on the lock screen as an active window while using your end device, as well as an icon on the app icon of your end device.

In order to use this service, your device data (including, for example, the device ID, the IDFA/ IDFV for iOS or the advertising ID for Android, as well as other device-specific information and geolocation information) is processed based on your IP address. In addition, authentication via Google Firebase takes place based on a certificate deposited with our push message provider in order to send push messages to Android users.

Recipients:

The push message service provider (Pushwoosh Inc., 1224 M St NW, Suite 101, 20005 Washington, DC, USA) and the Google Firebase provider (Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) receive access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

Deletion/Withdrawal:

You can object to receiving push messages at any time under your personal settings on your end device and switch them off accordingly.

Legal basis: Art. 6 (1) a GDPR (consent)

2.1 Cookies

In addition to the aforementioned data, cookies or other technologies like pixels (hereinafter referred to as “Cookies”) are used on your computer when visiting and using our website. Cookies are small text files that are stored by your browser on your device to save certain information or image files, such as pixels. The next time you visit our website on the same device, the information saved in the cookies will subsequently be transmitted either to our website (“First Party Cookie”) or to another website to which the cookie belongs (“Third Party Cookie”).

Through the information saved and returned, the respective website recognizes that you have already accessed and visited it with the browser you use on that device. We use this information to be able to design and display the website in an optimum way in line with your preferences. In that respect, only the cookie itself is identified on your device. Beyond this extent, your personal data will only be saved upon your express consent or if it is strictly necessary to be able to use the service offered to and accessed by you accordingly.

This website uses the following types of cookies, the scope and functionality of which are explained below:

- Technical cookies (Type A)
- Functional and Performance cookies (Type B)
- Consent-based cookies (e.g. Marketing) (Type C)

You can find more information on the cookie types set and used in the description of the tools implemented on our websites in this privacy policy.In case this website is using a cookie management platform you can additionally find further information in there. 

2.1.1 Technical cookies (Type A)

Technical cookies guarantee functions without which you cannot use our web pages as intended. These cookies are used exclusively by us. This means that all information stored in the cookies will be returned to our website.

Technical cookies serve, for example, to ensure that you as a registered user always remain logged in when accessing various subpages of our website and thus do not have to re-enter your login data every time you access a new page.

The use of technical cookies on our website is possible without your consent. For this reason, technical cookies cannot be activated or deactivated individually. However, you can deactivate cookies in your browser at any time (see below).

Legal basis: Art. 6 (1) b GDPR (situation similar to a contract)

2.1.2 Functional and Performance cookies (Type B)

 Functional cookies enable our website to store information already provided (such as registered name or language selection) and to offer you improved and more personalized functions based on this information. These cookies collect and store only pseudonymised information so that they cannot track your movements on other websites. Performance cookies collect information about how our websites are used in order to improve their attractiveness, content and functionality. These cookies help us, for example, to determine whether and which subpages of our website are visited and in which content users are particularly interested. In particular, we record the number of visits to a page, the number of subpages accessed, the time spent on our website, the order of the pages visited, which search terms led you to us, the country, region and, if applicable, the city from which access is made, and the proportion of mobile devices accessing our websites. We also capture movement, clicks and scrolling with the computer mouse to understand which areas of our website are of particular interest to users. As a result, we can tailor the content of our website more specifically to the needs of our users and optimize our offering. The IP address of your computer transmitted for technical reasons is in general automatically made anonymous and does not allow us to draw any conclusions about the individual user. The functional and performance cookies are so-called "strictly necessary" cookies within the meaning of the ePrivacy Directive 2002/58 EC, which do not require consent.
You can adjust at any time the cookie settings here (activate or deactivate).

Legal basis: Art. 6 (1) f GDPR (legitimate interest)

2.1.3 Consent-based cookies (Type C)

Cookies, which are neither technical Cookies (Type A) nor functional or performance cookies (Type B) will be used only upon your express consent, e.g. marketing cookies.

We also reserve the right to use information that we have obtained by means of cookies from an anonymous analysis of the usage behaviour of visitors to our website in order to display specific advertising for certain of our products on our own websites. We believe that you as a user benefit from this because we display advertising or content that we think suits your interests based on your surfing behaviour, so that you will see less randomly scattered advertising or certain content that might be of less interest to you. 

Marketing cookies come from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user in order to create target group-oriented advertising for the user.

Opt-out for cookies used for online advertising 

You can also manage many companies’ cookies used for online advertising via the consumer choice tools created under self-regulation programs in many countries, such as the US-based https://www.aboutads.info/choices/ or the EU-based http://www.youronlinechoices.com/uk/your-ad-choices. 

You can withdraw your consent to the use of consent based cookies (Type C) individually at any time with effect for the future by adjusting your cookie settings accordingly. 

Legal basis: Art. 6 (1) a GDPR (consent)

2.1.4 Administration and deletion of all cookies

You can set your web browser in such a way that cookies are generally prevented from being saved to your device and/or that you are asked each time whether you are in agreement with cookies being enabled. You can also at any time delete cookies that have been enabled again. You can find out how all this works in detail from your browser’s help function. 

Please note that generally deactivating cookies may lead to functional restrictions of our website.

2.1.5 Consentmanager CMP – Central cookie management platform

Purpose/Information:

This website is using the consent management tool "consentmanager" (www.consentmanager.net) to obtain consent for data processing and use of cookies or comparable functions. With the help of "consentmanager" you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalized advertising. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed.

By processing the data, consentmanager helps us to fulfill our legal obligations (e.g. obligation to provide evidence). Our interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. "Consentmanager" stores your data as long as your user settings are active.

Used Cookies: Type A. For further information, see Cookies Section.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, analytical, support providers) in accordance with the required purposes (to provide a cookie consent management tool). Main service provider is Consentmanager AB, Sweden.

Deletion:

The data will be deleted after 13 months. The choice you have made (consent/setting) will be stored for one year and can be viewed here. You can always delete your choice by deleting the cookies within your browser.

Legal basis:

Art. 6 (1) b GDPR (situation similar to a contract)

Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation)

 

2.2 Web Analytics

2.2.1 Google Analytics

Purpose/Information:

This website uses Google Analytics, a web analysis service of Google Ireland Ltd. (“Google”). The configuration of Google Analytics has been modified by us to the measurement onlyfunction, unless separate consent for further advertising features has been given.

Google Analytics uses a specific form of cookie, which is stored on your computer and enables an analysis of your use of our website.The cookies set by Google Analytics for measurement are first party cookies, which means that data subjects’ cookievalues will be different for each customer (i.e. there is not a single Google Analytics cookie ID that is used on all sites using Google Analytics). The information about your use of this website generated by the cookie is generally transmitted to a Google server in the USA and stored there.

We would like to point out that Google Analytics has been expanded on this website to include the code “gat._anonymizeIp();” to ensure the anonymized recording of IP addresses (so-called IP masking). Due to the IP anonymization on this website, your IP address is shortened by Google within the territory of the EU and the Treaty States of the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there.

Google uses this information on our behalf to analyze your use of this website in order to compile reports on website activities and provide additional services related to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

We use Google Analytics to analyse and regularly improve the usage of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. In addition, we gain information about the functionality of our site (for example to detect navigation problems).

In the configuration of Google Analytics, we ensured that Google receives this data as a processor and is therefore not allowed to use this data for its own purposes. The "Google Analytics Advertising Features" configuration is independent from this and is described in the appropriate section below, provided it is also used on this website.

Used Cookies: Type B. For further information, see Cookies Section.

Recipients:

Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics Terms of Service: https://www.google.com/analytics/terms/gb.html , General overview on Google Analytics security and privacy principles: https://support.google.com/analytics/answer/6004245?hl=en , as well as Googl;s privacy policy: https://policies.google.com/privacy?hl=en

Transfer to third countries are possible. As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.
Further recipients: We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform, hosting, support and analysis service providers) in accordance with the required purposes (to perform analyses). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion/Objection: You can deactivate Google Analytics via the Cookie Settings here.

You can prevent the storage of cookies by making the proper setting using your browser software. In addition, you can prevent Google from recording the data related to your use of the website generated by the cookie (including your IP address) and from processing this data by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.

Cookie lifetime: up to 12 months (this applies only to cookies which have been set by this website)

Maximum storage period of data: up to 26 months.

Legal basis:
Art. 6 (1) f GDPR (legitimate interest) 

2.3 Online Advertising

2.3.1 Google Ads (formerly Google Adwords)

Information/purpose:

2.3.1.1 Google Ads Conversion

We use the services of Google Ads to draw attention to our attractive offers with the help of advertising materials (so-called Google Ads) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

The advertising materials are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads stores a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their device has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Ads customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically starts a direct connection to the Google server. We have no influence on the extent and the further use of the data which are raised by the use of this tool by Google and inform you therefore according to our knowledge: By the integration of Ads conversion Google receives the information that you called the appropriate part of our Internet appearance or clicked an announcement of us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.

2.3.1.2 Google Ads Remarketing

We use the remarketing function within the Google Ads service. The remarketing function allows us to present to users of our website advertisements based on their interests on other websites within the Google advertising network (in Google search or on YouTube, so-called "Google ads" or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users even after visiting our website on other pages. To do this, Google stores cookies in the browsers of users who visit certain Google services or websites in the Google Display Network. This cookie is used to record the visits of these users. The number is used to uniquely identify a web browser on a particular device. Used Cookies: Type C. For further information, see Cookies Section.

Recipients:

For more information on the purpose and scope of data collection and processing by Google, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:  https://www.google.com/intl/en/policies/privacy ;

Transfers to third countries are possible.As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR apply. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. Alternatively, you will also find more information on the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org;

Deletion/withdrawal:

You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly (in particular by suppressing third-party cookies, you will not receive any ads from third-party providers); b) by deactivating cookies for conversion tracking: by setting your browser so that cookies are blocked by the domain https://www.google.de/settings/ads , this setting being deleted when you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices .This setting is deleted when you delete your cookies; d) by permanently deactivating Firefox, Internet Explorer or Google Chrome in your browsers under the link http://www.google.com/settings/ads/plugin, e) by setting your cookie preferences accordingly (click here). Please note that in this case you may not be able to use all functions of this offer in full.

Cookie lifetime: up to 180 days (this applies only for cookies which have been set by this website).

Legal basis:

Art. 6 (1) a GDPR (consent)

2.3.2 Google Analytics Advertising Features

This website also uses the extended functions of Google Analytics (Google Analytics Advertising Features) in addition to the standard functions. The Google Analytics Advertising Features implemented on this website include:

· Google Display Network Impression Reporting

· Google Analytics Demographics and Interest Reporting

· Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers

We therefore use first-party cookies (e.g. Google Analytics cookies) and Google advertising cookies and identifiers together in order to optimize our website.

You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly; b) via your Google ad settings on https://www.google.com/ads/preferences/?hl=en; c) by setting your cookie preferences accordingly (click here). Please note that in this case you may not be able to use all functions of this offer in full.

Used Cookies: Type C. For further information, see Cookies Section.

Cookie lifetime: up to 12 months (this applies only for cookies which have been set by this website).

Legal basis:

Art. 6 (1) a GDPR (consent) 

2.3.3 Google Campaign Manager

Information/purpose:

This website also uses the online marketing tool Campaign Manager by Google. Campaign Manager uses Cookies to display ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. In addition, Campaign Manager may use cookie IDs to collect so called conversions related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and buys something there. 

Your browser automatically establishes a direct connection to the Google server once visiting our website. We have no influence on the extent and the further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating Campaign Manager, Google receives the information that you have called the corresponding part of our Internet presence or clicked on an advertisement from us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.

In addition to that, Campaign Manager (e.g. DoubleClick Floodlight) cookies allow us to understand whether you complete certain actions on our website(s) after viewing one of our display/video ads on Google or other platforms through Campaign Manager or clicking through one (conversion tracking). Campaign Manager uses this cookie to understand the content with which you have interacted on our website(s) in order to be able to send you targeted advertising later.

Used Cookies: Type C. For further information, seeCookie Section

Recipients:

Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

Transfers to third countries are possible. As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/datatransfers-outside-eu_en.

Further recipients: We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform, hosting, support and analysis service providers) in accordance with the required purposes (to perform ads).

Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

Deletion/Withdrawal

You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly (in particular by suppressing third-party cookies, you will not receive any ads from third-party providers); b) by deactivating the interest based ads of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices. This setting is deleted when you delete your cookies; c) by permanently deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin, d) by setting your cookie preferences accordingly.

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis:

Art. 6 (1) a GDPR (consent)

2.3.4 Adform

Information/purpose:

This website uses the online marketing tool Adform by Adform A/S Denmark. Adform uses cookies to display ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ad more than once. Adform uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. In addition, Adform may use cookie IDs to collect conversions related to ad requests. This is the case, for example, when a user sees an Adform ad and later visits the advertiser's website with the same browser and buys something there. Adform cookies do not contain any personal information, such as email-address, name or addresses.

Your browser automatically establishes a direct connection to the Adform server once visiting our website. By integrating Adform, Adform receives the information that you have called the corresponding part of our Internet presence or clicked on an advertisement from us.

In addition to that, Adform cookies allow us to understand whether you complete certain actions on our website(s) after viewing one of our display/video ads on Adform or other platforms through Adform or clicking through one (conversion tracking). Adform uses this cookie to understand the content with which you have interacted on our website(s) in order to be able to send you targeted advertising later.

Used Cookies: Type C. For further information, see Cookies Section.

Recipients:

You will find more information on Adform at https://site.adform.com/, with regards to data protection at Adform A/S Denmark: https://site.adform.com/privacy-center/overview.

Deletion/withdrawal:

You can prevent your participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any ads from third-party providers; b) by deactivating cookies from Adform via your browser under https://site.adform.com/privacy-center/platform-privacy/opt-out/ c) by setting your cookie preferences accordingly (click here).

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Maximum storage period of data: up to 13 months.

Legal basis: Art. 6 (1) a GDPR (consent) 

2.3.5 (Website) Facebook Custom Audiences/ Conversion(“Facebook Pixel”)

Information/purpose:

This website uses the so-called "Facebook Pixel" of the social network "Facebook" for the following purposes:
Facebook (website) Custom Audiences
We use the Facebook pixel for remarketing purposes to be able to contact you again within 180 days. This allows us to display interest-based advertisements ("Facebook Ads") to users of the website when they visit the social network "Facebook" or other websites also using this tool. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you.

Facebook conversion
We also use the Facebook Pixel to ensure that our Facebook Ads match the potential interest of users and are not annoying. With the help of the Facebook Pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server as soon as you have agreed to the use of cookies requiring your consent. Through the integration of the Facebook pixel, Facebook receives the information that you have called up the corresponding website of our internet presence or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account.
The processing of this data by Facebook takes place within the framework of Facebook's data policy. Special information and details about the Facebook pixel and its functionality can also be found in the Facebook help area.

Used Cookies: Type C. For further information, see Cookies Section.

Recipients:

Joint Controller:

We are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook) for the collection and transfer of data in this process. This applies to the following purposes:
The creation of individualized or suitable ads, as well as for their optimization
Delivery of commercial and transaction-related messages (e.g. via Messenger)
The following processes are therefore not covered by joint controllership:
The process that takes place after the collection and transmission is within the sole responsibility of Facebook.
The preparation of reports and analyses in aggregated and anonymized form is carried out as a Processor and is therefore within our responsibility.

We have concluded a corresponding agreement with Facebook for joint controllership, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This agreement defines the respective responsibilities for fulfilling the obligation under the GDPR with regard to joint controllership.

The contact details of the Controller and the data protection officer of Facebook can be found here: https://www.facebook.com/about/privacy.

We have agreed with Facebook that Facebook can be used as a contact point for the exercise of data subject rights (see Section 1.3). Without prejudice to this, the jurisdiction of the Rights of Data Subjects is not limited.

Further information on how Facebook processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy. We transfer the data within the scope of joint controllership based on the legitimate interest pursuant to Art. 6 (1) f GDPR.

Information on the data security conditions can be found here. https://www.facebook.com/legal/terms/data_security_terms and on processing on the basis of standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

Further Recipients:
We transfer also the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform-, hosting, support and analysis service providers) in accordance with the required purposes (for the execution of ad display and analysis). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion/withdrawal:

The “Facebook Custom Audiences” function can be deactivated in the Cookie Settings and for logged in users at https://www.facebook.com/settings/?tab=ads#_.

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis: Art. 6 (1) a GDPR (consent) 

2.3.6 Commerce Connector

Information/Purpose:

On our website, we provide you with a list of different online retailers, where you can buy our products. If you click on a link to one of the retailers, you will be forwarded to the product detail webpage of the selected retailer and our partner - Commerce Connector GmbH, - will store a cookie on your device for a period of 7 days. If you make a purchase at the selected retailer within this period, Commerce Connector gets a general information about your purchase once you have finalized the purchase and reached the order confirmation page.

For this reason, Commerce Connector receives a unique cookie number that is used to create anonymous sales statistics of our products purchased through the link. Commerce Connector provides us with this anonymous statistics.

Cookies used: Type c. More information can be found in the Cookies Section

Recipients:

The data will be processed by our partner Commerce Connector GmbH, Deckerstr. 41, 70372 Stuttgart. Please refer to the Commerce Connector Privacy Policy for more information on the tool and how to turn it off.

Deletion/Withdrawal:

Cookie lifetime: 7 days (this applies only to cookies which have been set by this website) https://www.commerce-connector.com/website/de/policy-de/policy_cco/#optout

Legal basis:

Art. 6 (1) a GDPR (consent)

2.3.7 Where to buy (Swaven)

Information/Purpose:

We provide you on our website the opportunity to buy our products on online retailers websites (e.g. with a shopping cart symbol). With this function we get only performance and analytical information to audience the efficiency of the tool (via cookies) which is also our legitimate interest. A cross-website tracking does not occur, so we do not get the information if you have bought something in the selected store.

For a better user experience and to show local stores, we use the geolocation of the visitor to personalize the service. We operate at city scale geolocation by partially analyzing the IP address. A more precise geolocation can be used when the user has validated the function. The geolocation is used only during the session.

Cookies used: Type b. More information can be found in the Cookies Section

Recipients:

These data will be processed to our Partner Swaven SAS, Paris, France. Further information can be found here: https://www.swaven.com/cookie-policy

Deletion/Withdrawal:

Cookie lifetime: up to 12 months (this applies only to cookies which have been set by this website)

Legal basis:

Art. 6 (1) a GDPR (legittimate interest)

2.3.8 Data Management Platform (Salesforce Audience Studio/Krux)

Information/Purpose:

This website uses a tool to centralize the website visitors within one platform in order to segment the users for campaigns and to receive insights about the performance of a campaign. The differentiation of visitors is based on unique ID (cookies or local storage). The tool also provides the possibility that individual product/marketing information on third party websites can be published based on the visit on our website. The data may include information about how the user came to the website and how users interact with it. Browsers automatically also send certain standard information to every website a user visits, such as an IP address, browser type and language settings, access times, and referring website addresses. Additionally, the tool provides the possibility to connect the website visitor data (also cross-device) to our registered users once they are logged in and the user has consented to it.

Further information can be found here: https://www.salesforce.com/products/marketing-cloud/sfmc/audience-studio-privacy/

Used Cookies: Type C. For further information, see Cookies Section

Recipients:

We transfer also the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform-, hosting, support and analysis service providers) in accordance with the required purposes (for the execution of campaign display, segmentation, user data connection and analysis). Main service provider is salesforce.com Germany GmbH, Germany. Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

Deletion/Withdrawal:

The personal data this tool collects gets deleted within 6 months of inactivity. The consent can be withdrawn with effect for the future within the cookie settings (click here). In the case of registered users and with the respective consent, the data may be linked to their consumer profile. The deletion rules for the consumer profile then apply accordingly (e.g. loyalty program).

Cookie lifetime: up to 6 months (this applies only to cookies which have been set by this website)

Legal basis: Art. 6 (1) a GDPR (consent)

2.3.9 LinkedIn Insight Tag

Information / Purpose:

We use the LinkedIn Insight Tag on this website. The LinkedIn Insight Tag collects metadata such as URL, IP address, timestamp, device and browser characteristics in order to produce insights and campaign reporting that do not identify you. We are not able to identify you through these reports. LinkedIn provides only reports and alerts (which do not identify you) about the website audience and ad performance. You can control the use of your personal data for advertising purposes through your LinkedIn account settings.

Further information:

https://www.linkedin.com/legal/privacy-policy

https://www.linkedin.com/legal/cookie-policy

https://www.linkedin.com/legal/l/cookie-table

Cookies used: Type c. More information can be found in the Cookies Section

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group as well as to external service providers in accordance with the required purposes (hosting and analysis services). Main service provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Grand Canal Dock, Dublin, 2 Ireland Transfer to third countries are possible. As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR. More information on this topic is published here:https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

Deletion/Withdrawal:

Your data will be deleted after the final processing of the campaign.

You can withdraw your consent to the use of consent based cookies (Type c) individually at any time with effect for the future by adjusting your Cookie Settings accordingly.

Cookie lifetime: up to 90 days.

Legal basis:
Art. 6 (1) a GDPR (consent)

2.4 Google Tag Manager

Information/Purpose:

This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.

Recipients:

Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Transfer to third countries are possible. As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en

Legal basis

Art. 6 (1) f GDPR (legitimate interest) 

2.5 Captchas

This website uses in specific cases the Google reCAPTCHA v2 to avoid the usage of text fields by automated programs/bots. It helps to support the security of our website and to avoid SPAM for the users. This is also our legitimate interest and fulfills our legal obligation.

The collected data are hardware and software information, such as device and application data and the result of integrity checks. These data will be sent to Google Ireland Limited,Gordon House, Barrow Street, Dublin 4, Ireland. The data will not be used by Google for personalized ads.

Further information can be found in their privacy policy: https://policies.google.com/privacy . Further documentation can be found here: https://developers.google.com/recaptcha/   https://www.google.com/recaptcha/admin/create .

Cookies used: Type a. More information can be found in the "Cookies" section

Recipients:

Third party information: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR apply. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfersoutside-eu_en

Deletion:

Cookie lifetime: up to 24 months (this applies only to cookies which have been set by this website)

Legal basis:

Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation)

Art. 6 (1) f GDPR (when processing according to the legitimate interest described above)

 


3. Further Services Offered (on- and offline)

In addition to the purely informational use of our website, we offer various other services, for which we process your personal data. 

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. 

External service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.

We may also disclose your personal data to third parties when we offer promotions, sweepstakes, contracts or similar services in conjunction with partners. Further information can be obtained at the time when you provide the data or in the description of the services below.

Contrary to 1.2, in some cases a Beiersdorf Company is Controller for the services offered below, which has already been named to you as part of the communication. If reference is therefore made to sections of this privacy policy, e.g. by link, and a Controller has already been named, e.g. in the footer/signature of an e-mail or campaign card, this person is the Controller in accordance with. Art. 4 No. 7 GDPR.

If our service providers are based in a country outside the European Economic Area (EEA), international data transfers can occur. We will inform you of the consequences of this circumstance in the description of the service below. 

 

3.1 Contacting/Communication/Collaboration

Purpose / Information:

When communicating and/or collaboration with us, e.g. by email or via contact form on our website, data exchange platform, be it e.g. as a consumer, test person, business partner or customer, the data you provide (your email address, if applicable your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to e.g. answer your questions, requests or for the purpose of business related correspondence.

When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request.

Controller:

If you purchase products in the eShop Beiersdorf NV, De Passage 126-136, 1101 AX Amsterdam, Netherlands described in this clause. This applies also to any questions about your order that you might ask through the contact form provided in the eShop.

For all other cases of contacting/communication/collaboration is the controller named under clause 1.2 above.

Recipients:

In order to combat terrorism, we are obliged by law to carry out a comparison with sanctions lists. Therefore, we also process your data to meet legal requirements for comparison with these lists. Furthermore, we process your data in the Beiersdorf Group for the prevention and investigation of criminal offences and other misconduct, the assessment and control of risks, for internal communication and for corresponding administrative purposes. If you are a business partner, we regularly check your creditworthiness in certain cases (e.g. when concluding contracts). Our legitimate interest is the minimization of the financial risk. For this purpose, we cooperate with credit agencies from which we receive the necessary data. For this purpose we transmit your name and your contact data to the credit agencies.

If you are a business customer or partner, it may be necessary to transfer your personal data to prospective buyers as part of a company transaction. In the course of due diligence, usually anonymized data is processed. However, it may be necessary in specific individual cases to process personal data. Our legitimate interest lies in the execution of the company transaction.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, call center service providers) in accordance with the purposes required (e.g. for establishing contacts, business related correspondence and customer care). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion /Objection:

We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed.

In case of consumer inquiries through our internal consumer management tool the personal data will be usually deleted after one year. As an exception, the data will be kept longer if the data is necessary for the establishment, exercise or defence of legal claims.

You can object to these processes according to the requirements under 4.

Legal basis:

Art. 6 (1) b GDPR (when processing in the context of a contract or a situation similar to a contract)

Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation)

Art. 6 (1) f GDPR (when processing according to the legitimate interest described above) 

 

3.2 Newsletter

Purpose / Information:

The newsletter contains news, offers and further information on the selected Beiersdorf brands. By subscribing to the newsletter, you will receive in accordance with the consent you have given in each case personalized information about the products, services or suggestions for participation in promotions, such as competitions or product tests by e-mail.

With your registration for the newsletter you will receive a newsletter tailored to your needs (if the newsletter is "personalized", "individualized" or "customized"). We evaluate your purchase and click behavior on our websites or within the newsletter in order to compile the information relevant to you.

We also use remarketing measures to show you the relevant online advertising.

Recipients:

The data will be forwarded to our customer management platform, which service providers may also have access to support and implement the newsletter. Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion / Withdrawal:

These collected data are automatically deleted after 24 months at the latest if they no longer respond to the newsletter, e.g. open (inactivity). If you no longer wish to receive the newsletter, you can unsubscribe at any time. Click on the link contained in each newsletter, you will then be guided through the unsubscribe process, or send us your withdrawal by email.

Legal basis: Art. 6 (1) a GDPR (consent)

 

3.3 Campaigns (e.g. Sweepstakes, Product Tests)

Purpose / Information:

When you participate in sweepstakes or similar campaigns, we use the personal information you provide to conduct the campaign. Further information on the purposes can be found in the respective terms and conditions of the campaign.

The provision of your personal data is necessary for the performance of a contract. You are not obliged to provide your personal data. If your data is not provided, you cannot participate in the campaign.

Further information can be found in the respective terms and conditions of the campaign.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, shipping, processing service providers) in accordance with the purposes required (to carry out the campaign). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion:

Your data will be deleted after the final processing of the campaign (see terms and conditions of participation), unless this conflicts with statutory retention obligations or statutes of limitations.

Legal basis: Art. 6 (1) b GDPR (situation similar to a contract)

 

3.4 Surveys

Purpose / Information:

When you participate in surveys or similar campaigns, we process the personal information for the purpose described in the consent. The collected data covers questions around the intended purpose of the survey or similar campaign, as well as additional socio-demographic information about you. You may participate without identifying yourself, unless this has been part of the consent.

Recipients:

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform, hosting, analysts) in accordance with the purposes required (to carry out the surveys). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion: Your data will be deleted after the final processing of the survey or similar campaign (see terms and conditions of participation), unless this conflicts with statutory retention obligations or statutes of limitations. Usually, data will be deleted after two years.

Legal basis: Art. 6 (1) a GDPR (consent)