Privacy Policy

PROTECTION OF YOUR DATA IS IMPORTANT TO US!

For NIVEA not only the care and protection of your skin is important. We also attach great importance to the protection of your personal data. That's why we respect your privacy and want you to be able to trust us as much when it comes to data protection as when it comes to skin care. We always inform you transparently about what we need your data for and if and for how long we store it. This allows you to decide for yourself for which purposes we may use your data. To ensure the best possible security, the information is always transmitted to us in encrypted form. If you no longer wish us to use your data, please let us know informally, for example by email. 

Content of this Privacy Policy

1. General Information 
            1.1. Processing of Personal Data 
            1.2. Controller 
            1.3. Rights of the Data Subject 
            1.4. Disclosure to Authority  

2. Collection and Processing of Personal Data when visiting our Website 
            2.1 Cookies 
            2.2 Web Analytics 
            2.3 Social Plug-ins 
            2.4 Social Login 
            2.5 YouTube-Videos 
            2.6 Online Advertising 
            2.7 Google Tag Manager 
            2.8 Verizon Media (Dot Tag) 
            2.9 Chatbot (Loyjoy) 
            2.10 Floodlight activities / DV360 

3. Further services offered (on- and offline)
            3.1 Contacting
            3.2 Newsletter
            3.3 Campaigns (e.g. Sweepstakes, Surveys, Product Tests)
            3.4 Postal Mailings
            3.5 Ratings and Reviews
            3.6 Web Shop
            3.7 Surveys

4. Objection or Withdrawal of your consent to the Processing of Personal Data


General Information

The purpose of this privacy policy is to provide you with information concerning the processing of personal data when using our website and related services. 

1.1. Processing of Personal Data

Personal data within the meaning of Section 2 of the Kenyan Data Protection Act No. 24 of 2019 (Act 2019) are all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc.

1.2. Controller

Responsible for the processing of personal data within the meaning of Section 2, Act 2019 is: Beiersdorf, Serem-Sasio Road, Off Lunga Lunga Road, Nairobi, Kenya Tel:  +254 730186000

[Dataprotection[at]Beiersdorf.com

Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or via the postal address of the controller for the attention of the “data protection officer”.

1.3. Rights of the Data Subject

As data subject affected by the data processing activity, you have the following rights with regard to your personal data according to Section 25 et seqq. Act 2019:

  • Right of access;
  • Right to rectification and to erasure;
  • Right to restriction of processing;
  • Right to data portability; and 
  • Right to object. 

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

When we work on your above-mentioned right, we may ask you for proof of your identity. For more information on how we process your data, see 3.1.

1.4. Disclosure to Authority

In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies.

Legal basis: Section 30 ACT, 2019


Collection & Processing of Personal Data when visiting our Website

When visiting and using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data (such as log data) that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. hosting, content management system) in accordance with the purposes required (for displaying the website and setting up its content).

Legal basis: Section 30, Act 2019. 

2.1 Cookies

In addition to the aforementioned data, cookies or other technologies like pixels (hereinafter referred to as “Cookies”) are used on your computer when visiting and using our website. Cookies are small text files that are stored by your browser on your device to save certain information or image files, such as pixels. The next time you visit our website on the same device, the information saved in the cookies will subsequently be transmitted either to our website (“First Party Cookie”) or to another website to which the cookie belongs (“Third Party Cookie”).  

Through the information saved and returned, the respective website recognizes that you have already accessed and visited it with the browser you use on that device. We use this information to be able to design and display the website in an optimum way in line with your preferences. In that respect, only the cookie itself is identified on your device. Beyond this extent, your personal data will only be saved upon your express consent or if it is strictly necessary to be able to use the service offered to and accessed by you accordingly.

This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Strictly necessary cookies (Type A)
  • Functionality, Performance and Marketing Cookies (Type B)
  • Consent based Cookies (Type C)

You can find more information on the cookie types set and used in the description of the tools implemented on our websites in this privacy policy. 

 

2.1.1 Strictly necessary cookies (Type A)

Strictly necessary cookies guarantee functions without which you cannot use our web pages as intended. These cookies are used exclusively by us and are therefore first party cookies. This means that all information stored in the cookies will be returned to our website. 

Strictly necessary cookies serve, for example, to ensure that you as a registered user always remain logged in when accessing various subpages of our website and thus do not have to re-enter your login data every time you access a new page. 

The use of strictly necessary cookies on our website is possible without your consent. For this reason, strictly necessary cookies cannot be activated or deactivated individually. However, you can deactivate cookies in your browser at any time (see below).

Legal basis: Section 29-30 and 32, Act 2019.

2.1.2 Functionality, Performance and Marketing Cookies (Type B)

Functionality cookies enable our website to store information already provided (such as registered name or language selection) and to offer you improved and more personalized functions based on this information. These cookies collect and store only anonymous information so that they cannot track your movements on other websites.

Performance cookies collect information about how our websites are used in order to improve their attractiveness, content and functionality. These cookies help us, for example, to determine whether and which subpages of our website are visited and in which content users are particularly interested. In particular, we record the number of visits to a page, the number of subpages accessed, the time spent on our website, the order of the pages visited, which search terms led you to us, the country, region and, if applicable, the city from which access is made, and the proportion of mobile devices accessing our websites. We also capture movement, clicks and scrolling with the computer mouse to understand which areas of our website are of particular interest to users. As a result, we can tailor the content of our website more specifically to the needs of our users and optimize our offering. The IP address of your computer transmitted for technical reasons is automatically made anonymous and does not allow us to draw any conclusions about the individual user.

You can adjust at any time the cookie settings here (activate or deactivate).

2.1.3 Consent based Cookies (Type C)

Cookies, which are neither strictly necessary (Type A) nor functionality or performance cookies (Type B) will be used only upon your express consent, e.g. marketing cookies.

We also reserve the right to use information that we have obtained by means of cookies from an anonymous analysis of the usage behaviour of visitors to our website in order to display specific advertising for certain of our products on our own websites. We believe that you as a user benefit from this because we display advertising or content that we think suits your interests based on your surfing behaviour, so that you will see less randomly scattered advertising or certain content that might be of less interest to you. 

Marketing cookies come from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user in order to create target group-oriented advertising for the user.

Opt-out for cookies used for online advertising 

You can withdraw your consent to the use of consent based cookies (Type C) individually at any time with effect for the future by adjusting your cookie settings accordingly.

Legal basis: Section 32(2) & (3) Act 2019.

 

2.1.4 Administration and deletion of all cookies

You can set your web browser in such a way that cookies are generally prevented from being saved to your device and/or that you are asked each time whether you are in agreement with cookies being enabled. You can also at any time delete cookies that have been enabled again. You can find out how all this works in detail from your browser’s help function.

Please note that generally deactivating cookies may lead to functional restrictions of our website.

 

2.2 Web Analytics

 2.2.1 Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses a specific form of cookie, which is stored on your computer and enables an analysis of your use of our website. The information about your use of this website generated by the cookie is generally transmitted to a Google server in the USA and stored there.

We would like to point out that Google Analytics has been expanded on this website to include the code “gat._anonymizeIp();” to ensure the anonymized recording of IP addresses (so-called IP masking). Due to the IP anonymization on this website, your IP address is shortened by Google within the territory of Kenya and the surrounding regions. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there. Google has submitted itself to the EU-US Privacy Shield, (https://www.privacyshield.gov/EU-US-Framework).

Google uses this information on our behalf to analyze your use of this website in order to compile reports on website activities and provide additional services related to website and internet use. Google may also transfer this information to third parties as required by law or if said third parties process this data on behalf of Google. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

You can prevent the storage of cookies by making the proper setting using your browser software. In addition, you can prevent Google from recording the data related to your use of the website generated by the cookie (including your IP address) and from processing this data by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.

Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Google Analytics Terms of Service: https://www.google.com/analytics/terms/gb.html, General overview on Google Analytics security and privacy principles: https://support.google.com/analytics/answer/6004245?hl=en as well as Google’s privacy policy: https://policies.google.com/privacy?hl=en.

This website also uses Google Analytics for a device-independent analysis of visitor flows, which is carried out via a user ID. You can disable cross-device tracking of your usage in your Google Account under “My information”, “Personal information”.

Used Cookies: Type B. For further information, see Cookie Section.

Cookie lifetime: up to 12 months (this applies only to cookies which have been set by this website)

 Legal basis: Section 39(1) & (2) Act 2019.

 

2.2.3 A/B Testing

This website also carries out analyses of user behavior via a so-called A/B testing. We can show you our websites with slightly varied content, depending on your profile assignment. This enables us to analyze and regularly improve our services and make them more interesting for you as a user.

Cookies are stored on your computer for these analyses. The information collected in this way is stored exclusively on a server in Germany. You can prevent the storage of cookies by making the proper setting using your browser software.

Before the analyses are carried out, the IP addresses are further processed in abbreviated form, so that direct personal contact can be ruled out. The IP address transmitted by your browser is not merged with other data collected by us.

The data is accessible by our analytical service provider based in Kenya.

Used Cookies: Type B. For further information, see Cookie Section.

Cookie lifetime: up to 2 years (this applies only for cookies which have been set by this website.).

Maximum storage period of data: up to 25 months

Legal basis: Section 39(1) & (2), Act 2019.

 

2.3 Social Plug-ins

Social plug-ins (“plug-ins”) of social networks are used on our websites, in particular the “Share” or “Share with friends” button of Facebook, whose website facebook.com is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, is responsible for Facebook.com in Ghana. The plug-ins are usually marked with a Facebook logo.

Besides Facebook, we use plug-ins from “Google+” (Provider: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA), “Twitter” (Provider: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103) and “Pinterest” (Provider: Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA).

For data privacy reasons, we have deliberately decided against utilising direct plug-ins of social networks on our websites. Instead, we use the “Shariff” solution. With the aid of Shariff, we can determine for ourselves when and whether data is transmitted to the operator of the respective social network. For this reason, there is no automatic data transmission to social networks such as Facebook, Google+, Twitter or Pinterest once you access our website. Data will be transmitted to social networks only if you actively click on the respective social network button. In this case, your web browser starts a connection to the respective social network's servers. By clicking on the respective button (e.g. “Pass on”, “Share” or “Share with friends”) you agree that your browser will produce a link to the respective social network's servers and transmit usage data to the respective operator of the social network and vice versa. We have no influence upon the nature and extent of the data that is then gathered by the social networks.

The social network provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

The data is transferred regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers as notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;

http://www.facebook.com/policy.php.

Further information regarding the data collection: http://www.facebook.com/help/186325668085084,

http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo.

Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA;

https://www.google.com/policies/privacy/partners/?hl=de.

Google has submitted itself to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA;

https://twitter.com/privacy.

Twitter has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

d) Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA); http://about.pinterest.com/privacy/

2.4 Social Login

To register and log in to your customer account, you also have the option of authenticating yourself with your existing profile on one of the following social networks, Facebook, Twitter or Google+, and finally registering or logging in.

For this purpose, you will find on the registration page or login page the corresponding symbols of the respective providers of the social networks supported by our website. Before a connection to the provider is established, you must expressly agree to the process and transmission of data described below:

By clicking on the respective symbol, a new pop-up window (so-called app) opens, in which you must log in with your login data for the social network. After you have successfully logged in, the social network will tell you, which data will be transmitted to us for authentication as part of the registration or login process. If you have agreed to this data transfer, the fields required by us for registration will be filled with the transmitted data. The information we require for registration or login is (i) your name and (ii) your email address.

Only after your express consent to the use of the transmitted and required data, your data will be stored by us and used for the purposes as stated within this Privacy Policy. There is no link beyond the authentication process between your customer account created with us and your account on the corresponding social network.

In order to perform the authentication process for registration and login, your IP address is transmitted to the respective social network provider. We have no influence on the purpose and scope of data collection and on the further processing of the data by the respective provider of the social network. For further information, please read the data protection information of the respective provider:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;

http://www.facebook.com/policy.php 

more information on the data collection: http://www.facebook.com/help/186325668085084

http://www.facebook.com/about/privacy/your-info-on-other#applications as well as 

http://www.facebook.com/about/privacy/your-info#everyoneinfo

Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.

Google has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.

Twitter has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Facebook Connect

If a so-called “Facebook Connect Button” is placed on this website, you can log in to our website with your Facebook user data. In addition, Facebook Connect can automatically include information about your activities on our website in your Facebook profile. In this respect, when you activate the button, you will be given both the opportunity to expressly consent to access your Facebook user data and to publish information and activities in your Facebook profile. The use of further data (e.g. contact via your email address) only takes place with prior express consent. Please note that Facebook receives information about the application or website via Facebook Connect, including what you are doing. To personalize the connection process, Facebook may in some cases receive a limited amount of information prior to authorizing the application or website. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and settings options for the protection of your privacy can be found in the privacy policy of Facebook:

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php more information on the data collection

http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as

http://www.facebook.com/about/privacy/your-info#everyoneinfo

Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

2.5 YouTube-Videos 

We have integrated YouTube videos into our website, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transmitted to YouTube, if you do not click on the videos to start playing them. Only when you play the videos the data referred to in the next paragraph will be transferred to YouTube. We have no influence on this data transfer.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified in Section 2 of this privacy policy will be transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:

https://www.google.de/intl/de/policies/privacy; Google has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

2.6 Online Advertising

2.6.1 Google Ads (formerly Google Adwords)

2.6.1.1 Google Ads Conversion

We use the services of Google Ads to draw attention to our attractive offers with the help of advertising materials (so-called Google Ads) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

The advertising materials are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads stores a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their device has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Ads customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically starts a direct connection to the Google server. We have no influence on the extent and the further use of the data which are raised by the use of this tool by Google and inform you therefore according to our knowledge: By the integration of Ads conversion Google receives the information that you called the appropriate part of our Internet appearance or clicked an announcement of us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.

2.6.1.2 Google Ads Remarketing

We use the remarketing function within the Google Ads service. The remarketing function allows us to present to users of our website advertisements based on their interests on other websites within the Google advertising network (in Google search or on YouTube, so-called "Google ads" or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users even after visiting our website on other pages. To do this, Google stores a number in the browsers of users who visit certain Google services or websites in the Google Display Network. This number, known as a "cookie", is used to record the visits of these users. The number is used to uniquely identify a web browser on a particular device and not to identify a person; personal data is not stored.

You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any ads from third-party providers; b) by deactivating cookies for conversion tracking, by setting your browser so that cookies are blocked by the domain https://www.google.de/settings/adswww.google.adservices.com, , this setting being deleted when you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies; d) by permanently deactivating Firefox, Internet Explorer or Google Chrome in your browsers under the link http://www.google.com/settings/ads/plugin, e) by setting your cookie preferences accordingly (click here). Please note that in this case you may not be able to use all functions of this offer in full.

For more information on the purpose and scope of data collection and processing by Google, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:

https://www.google.de/intl/de/policies/privacy; Google has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Alternatively, you will also find more information on the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

Used Cookies: Type C. For further information, see Cookie Section.

Cookie lifetime: up to 1 month (this applies only for cookies which have been set by this website).

Legal basis: Section 39(1) & (2), Act 2019.

2.6.2 Google Analytics Advertising Features

This website also uses the extended functions of Google Analytics (Google Anayltics Advertising Features) in addition to the standard functions. The Google Analytics Advertising Features implemented on this website include:

• Google Display Network Impression Reporting

• Google Analytics Demographics and Interest Reporting

• Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers

We therefore use first-party cookies (e.g. Google Analytics cookies) and Google advertising cookies and identifiers together in order to optimize our website.

You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly; b) via your Google ad settings on https://www.google.com/ads/preferences/?hl=en; c) by setting your cookie preferences accordingly (click here). Please note that in this case you may not be able to use all functions of this offer in full.

Used Cookies: Type C. For further information, see Cookie Section.

Cookie lifetime: up to 12 months (this applies only for cookies which have been set by this website). 

2.6.3 Google Remarketing

Furthermore, we use the application Google Remarketing in order to contact you again within 3 months. With this application after visiting our website, our ads might be displayed when you continue to browse on the Internet. This is done by means of Cookies, which are used to record and evaluate your usage behavior by Google when visiting various websites. This is how Google can determine your previous visits to our website. According to Google's own statements, Google does not merge the data collected in the context of remarketing with your personal data, which may be stored by Google. According to Google, in particular pseudonymisation is used for remarketing.

You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any ads from third-party providers; b) by deactivating cookies for conversion tracking, by setting your browser so that cookies are blocked by the domain www.google.adservices.com, https://www.google.de/settings/ads, this setting being deleted when you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies; d) by permanently deactivating Firefox, Internet Explorer or Google Chrome in your browsers under the link http://www.google.com/settings/ads/plugin, e) by setting your cookie preferences accordingly. Please note that in this case you may not be able to use all functions of this offer in full.

For more information on the purpose and scope of data collection and processing by Google, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:

https://www.google.de/intl/de/policies/privacy; Google has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Alternatively, you will also find more information on the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

Used Cookies: Type C. For further information, see Cookie Section.

Legal basis: Section 30, Act 2019.

 

2.6.4 Google Campaign Manager

This website also uses the online marketing tool Campaign Manager by Google. Campaign Manager uses Cookies to display ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. In addition, Campaign Manager may use cookie IDs to collect conversions related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and buys something there.

Your browser automatically establishes a direct connection to the Google server once visiting our website. We have no influence on the extent and the further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating Campaign Manager, Google receives the information that you have called the corresponding part of our Internet presence or clicked on an advertisement from us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.

In addition to that, Campaign Manager (e.g. DoubleClick Floodlight) cookies allow us to understand whether you complete certain actions on our website(s) after viewing one of our display/video ads on Google or other platforms through Campaign Manager or clicking through one (conversion tracking). Campaign Manager uses this cookie to understand the content with which you have interacted on our website(s) in order to be able to send you targeted advertising later.

Used Cookies: Type C. For further information, see Cookie Section

Recipients:

Main service provider: Google Ireland Ltd, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

Further recipients can be found in the general recipients section 1.4.

Deletion/Withdrawal:

You can deactivate this tool via the cookie settings here

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis:

Art. 6 (1) a GDPR (consent) 

 

2.6.5 Adform

This website also uses the online marketing tool Adform by Adform Germany GmbH. Adform uses Cookies to display ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ad more than once. Adform uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. In addition, Adform may use cookie IDs to collect conversions related to ad requests. This is the case, for example, when a user sees an Adform ad and later visits the advertiser's website with the same browser and buys something there. According to Adform, cookies do not contain any personal information, such as email-address, name or addresses.

Your browser automatically establishes a direct connection to the Adform server once visiting our website. We have no influence on the extent and the further use of the data collected by Adform through the use of this tool and therefore inform you according to our level of knowledge: By integrating Adform, Adform receives the information that you have called the corresponding part of our Internet presence or clicked on an advertisement from us.

In addition to that, Adform cookies allow us to understand whether you complete certain actions on our website(s) after viewing one of our display/video ads on Adform or other platforms through Adform or clicking through one (conversion tracking). Adform uses this cookie to understand the content with which you have interacted on our website(s) in order to be able to send you targeted advertising later.

You can prevent your participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any ads from third-party providers; b) by deactivating cookies from Adform via your browser under https://site.adform.com/privacy-center/platform-privacy/opt-out/ c) by setting your cookie preferences accordingly (click here). Please note that in this case you may not be able to use all functions of this offer in full.

You will find more information on Adform at https://site.adform.com/, with regards to data protection at Adform Germany GmbH: https://site.adform.com/privacy-center/overview.

Used Cookies: Type C. For further information, see Cookie Section.

Legal basis: Section 30, Act 2019.

 

 

2.6.6 (Website) Facebook Custom Audiences (“Facebook Pixel”)

This website also uses the remarketing function “Custom Audiences” of Facebook Inc. (“Facebook”) in order to contact you again within 3 months. This allows users of the website to see interest-based advertisements (“Facebook ads”) when visiting the social network Facebook or other websites in the Facebook advertising network that also use this tool, including Instagram.

Your browser automatically establishes a direct connection to the Facebook server. We have no influence on the extent and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have landed on our website, or that you have clicked on an advertisement from us. If you have an account with a Facebook service (e.g. Facebook, Instagram, WhatsApp), Facebook can associate your visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the providers may obtain and store your IP address and other identifying information.

The “Facebook Custom Audiences” function can be deactivated in the Cookie Section and for logged in users at https://www.facebook.com/settings/?tab=ads#_.

Used Cookies: Type C. For further information, see Cookie Section.

Legal basis: Section 30, Act 2019.

 

2.7 Google Tag Manager

This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.  

2.8 Verizon Media (Dot Tag)

This website uses a "Dot Tag" from Verizon Media to track the performance of some of its native advertising. This gives us more insights about you, and allows us to get a better understanding of you for future advertising. Based on this analysis, we can improve our offer and make it more interesting for you as a user.

When you click through one of the Verizon adverts, a pixel is sent to Verizon. Verizon receives a pixel id, information related to the page, a timestamp of your visit, and other information in connection with http requests (including IP addresses and Yahoo's cookies). Verizon Media will also receive any data you may choose to include via custom fields.

Events collected from Dot do not remain in our systems more than 30 days and are typically gone after 7 days. Segments created from these events may remain for up to 2 years.

The data collected via Dot does not include personally identifiable information.

Used Cookies: Type C. For further information, see Cookie Section.

Cookie lifetime: Expiration is set at 1 year (some legacy 2 year expiration may remain)

Legal basis: Section 30 & Section 39, Act 2019

2.9 Chatbot (Loyjoy)

This website provides the feature to get in a personalized dialog with us. With our chatbot you can participate on surveys or sweepstakes and order the newsletter or become part of the loyalty program. We therefore collect various communication/interaction data as provided by you. This gives us also the possibility to analyse the data and to evaluate them for statistical purposes.

_We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, processing service providers) in accordance with the required purposes (to carry out the chatbot and the demanded service (e.g. newsletter) etc.). Main service provider is Loyjoy GmbH, Muenster Germany. Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers or they are (additionally) EU-U.S. Privacy Shield certified. More information on this topic is published here: [_https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.__]

The chat dialogs within the chatbot will be automatically deleted after 48 hours. The user has the possibility to delete the data earlier within the chatbot menu and to use further privacy rights. Depending on selected purposes (sweepstake, surveys, newsletter etc.) the data retention periods as mentioned in the corresponding context applies (see below).

Cookies used: Type b. More information can be found in the "Cookies" section [Link to cookie section 2.1].

Cookie lifetime: up to 24 months (this applies only to cookies which have been set by this website)

Legal basis: Art. 6 (1) f GDPR (legitimate interest)

2.10 Floodlight activities / DV360

This website uses DV360's Floodlight Tag to measure the effectiveness of our advertising campaigns, to limit the frequency with which you are shown a particular ad, and to display only ads that are relevant to you and your interests. In particular, information about the ads you click on, as well as your previous user behavior on third party websites, is collected and stored. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Google can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Google ad and later calls up our website with the same browser and buys something there. The cookies do not contain any personal information such as email addresses, names or addresses.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. Through the integration of the floodlight tag, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us.

In addition, the Floodlight Tags used allow us to understand whether you perform certain actions on our website after you have called up one of our display/video ads on another platform or clicked on it (conversion tracking). Google uses this cookie to understand the content you have interacted with on our websites in order to later send you targeted advertising.

Used Cookies: Type C. For further information, see Cookie Section.

Recipients

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform management provider, analysis service provider) in accordance with the required purposes (ad campaign management). Main service provider is Google Ireland Ltd, Ireland. Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art.

46 GDPR with these providers. More information on this topic is published here

Deletion/withdrawal:

You can prevent your participation in this tracking process in various ways:

  • by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any ads from third-party providers;
  • via installation of the from google provided plugin
  • by deactivating cookies from your browser
  • by setting your cookie preferences accordingly

Cookie lifetime:

Up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis:

Art. 6 (1) a GDPR (consent)


 

Further Services Offered (on- and offline)

In addition to the purely informational use of our website, we offer various other services, for which we process your personal data. 

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. 

External service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.

We may also disclose your personal data to third parties when we offer promotions, sweepstakes, contracts or similar services in conjunction with partners. Further information can be obtained at the time when you provide the data or in the description of the services below.

Contrary to 1.2, in some cases a Beiersdorf Company is Controller for the services offered below, which has already been named to you as part of the communication. If reference is therefore made to sections of this privacy policy, e.g. by link, and a Controller has already been named, e.g. in the footer/signature of an e-mail or campaign card, this person is the Controller in accordance with Section 18 to Section 24, of the Data Protection Act, 2019. 

If our service providers are based in a country outside of Kenya, international data transfers can occur. We will inform you of the consequences of this circumstance in the description of the service below.

 

3.1 Contacting/Communication/Collaboration

When communicating and/or collaboration with us, e.g. by email or via contact form on our website, data exchange platform, be it e.g. as a consumer, test person, business partner or customer, the data you provide (your email address, if applicable your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to e.g. answer your questions, requests or for the purpose of business related correspondence. We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed. 

When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request. In order to combat terrorism, we are obliged by law to carry out a comparison with sanctions lists. Therefore, we also process your data to meet legal requirements for comparison with these lists. Furthermore, we process your data in the Beiersdorf Group for the prevention and investigation of criminal offences and other misconduct, the assessment and control of risks, for internal communication and for corresponding administrative purposes. If you are a business partner, we regularly check your creditworthiness in certain cases (e.g. when concluding contracts). Our legitimate interest is the minimization of the financial risk. For this purpose, we cooperate with credit agencies from which we receive the necessary data. For this purpose we transmit your name and your contact data to the credit agencies. 

In case of consumer inquiries through our internal consumer management tool the personal data will be usually deleted after one year. As an exception, the data will be kept longer if the data is necessary for the establishment, exercise or defence of legal claims. 

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, call center service providers) in accordance with the purposes required (e.g. for establishing contacts, business related correspondence and customer care). Platform/hosting providers will have access to personal data from a third country (countries outside of Kenya). As an appropriate safeguard we have agreed on standard contractual clauses with these providers or they are (additionally) EU-U.S. Privacy Shield certified.

You can object to these processes according to the requirements under 4.

Legal basis: Section 48, 49 and 50, Act 2019

3.1.1 – NIVEA Family / Ambassador Program

If you agree to be part of our NIVEA Ambassador program (“NIVEA Family”) then any communication, e.g. by email, social media, surveys, questionnaires, community forums, or any other form of direct communication, the data you provide (your email address, personal details (e.g. your name, address, telephone number, or personal data volunteered by yourself) will be stored and processed by us in order to e.g. answer your questions, requests or to personalise our communication and product mailings. We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed.

When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request. In order to combat terrorism, we are obliged by law to carry out a comparison with sanctions lists. Therefore, we also process your data to meet legal requirements for comparison with these lists. Furthermore, we process your data in the Beiersdorf Group for the prevention and investigation of criminal offences and other misconduct, the assessment and control of risks, for internal communication and for corresponding administrative purposes.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, social listening tools, campaign management software) in accordance with the purposes required (e.g. for personalising communication, creating relevant product mailing lists, community management). Platform/hosting providers will have access to personal data from a third country (countries outside of Kenya). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Section 48, Section 49 and Section 50, Act 2019 with these providers or they are (additionally) EU-U.S. Privacy Shield certified. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

You can object to these processes according to the requirements under Section 4.

Legal basis: Section 32, Act 2019.

3.2 Newsletter

The newsletter contains news, offers and further information on the selected Beiersdorf brands. By subscribing to the newsletter you will receive in accordance with the consent you have given in each case  personalized information about the products, services or suggestions for participation in promotions, such as competitions or product tests by e-mail or advertising on your own or third-party channels (e.g. via social media).

With your registration for the newsletter you will receive a newsletter tailored to your needs (if the newsletter is "personalized", "individualized" or "customized"). We evaluate your purchase and click behavior on our websites or within the newsletter in order to compile the information relevant to you.

The newsletter is usually sent once a month ("regularly"). In individual cases (e.g., for special actions), weekly emailing may also occur.

We also use remarketing measures to show you the relevant online advertising.

The data will be forwarded to our customer management platform, which service providers may also have access to support and implement the newsletter. Platform/hosting providers will have access to personal data from a third country (countries outside of Kenya). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Section 48, Section 49 and Section 50 of Act 2019 with these providers or they are (additionally) EU-U.S. Privacy Shield certified. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

These collected data are automatically deleted after 24 months if they no longer respond to the newsletter, e.g. open (inactivity). If you no longer wish to receive the newsletter, you can unsubscribe at any time. Click on the link contained in each newsletter, you will then be guided through the unsubscribe process, or send us your withdrawal by email.

Legal basis: Section 32, Act 2019.

3.3 Campaigns (e.g. Sweepstakes, Surveys, Product Tests)

When you participate in sweepstakes or similar campaigns, we use the personal information you provide to conduct the campaign. Further information on the purposes can be found in the respective terms and conditions of the campaign.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, shipping, processing service providers) in accordance with the purposes required (to carry out the campaign). Platform/hosting providers will have access to personal data from a third country (countries outside of Kenya). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Section 48, Section 49 and Section 50 of Act 2019 with these providers or they are (additionally) EU-U.S. Privacy Shield certified. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Your data will be deleted after the final processing of the campaign (see terms and conditions of participation), unless this conflicts with statutory retention obligations or statutes of limitations.

The provision of your personal data is necessary for the performance of a contract. You are not obliged to provide your personal data. If your data is not provided, you cannot participate in the campaign.

Further information can be found in the respective terms and conditions of the campaign.

Legal basis: Section 25 (c), Act 2019.

  

3.4 Postal Mailings

As a selected customer, business partner, test person and/or consumer, you will also receive individual product information, offers, news and product samples from us by post (letter).

This is a special form of direct marketing, which is also our legitimate interest and intensifies loyalty by providing the above-mentioned persons exclusive information.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. customer/consumer management service providers, marketing agency, postal service provider) in accordance with the required purposes (postal mailings). Platform/hosting providers will have access to personal data from a third country (countries outside of Kenya). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Section 25 of Act 2019 with these providers or they are (additionally) EU-U.S. Privacy Shield certified. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Your data will be deleted as soon as you have unsubscribed, unless this conflicts with legal storage obligations or statutes of limitations. You can unsubscribe or object to further postal mailings as stated within the letter or in the section objection below. We further delete your personal data automatically after 24 months inactivity (e.g. when you do not use the sent coupons).

Legal basis: Section 25, Act 2019.

3.5 Ratings and Reviews

As a consumer, you have the possibility to submit ratings and reviews for all products listed on our website. It is in our, and consumers, best interest that users can give their free, unbiased opinion about products.

Your rating will be published alongside your username. We recommend that you use a pseudonym instead of your clear name, due to privacy concerns. Reviews with clearly identifiable personal information will not be published. All reviews will be reviewed and moderated before they are published. We reserve the right to delete comments if they are objected to as unlawful by third parties, or if they do not follow the correct ratings and reviews guidelines.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. hosting service providers, customer management service providers) in accordance with the required purposes (for publication on the website).

We work with our retail partners to moderate our ratings and reviews, and to ensure that each review has been independently verified as genuine, unbiased and fully transparent. This also means that your reviews will be posted on the product pages of retailers where Beiersdorf products are sold.

Legal basis is Section 25, Act 2019.

3.6 Webshop

If you would like to order products in our web shop, it is required for the conclusion of the contract that you enter your personal data, which we need for the completion and execution of your order.

Required information for the execution of the order is marked separately, any other information you provide is voluntary. We process the data provided by you only to process and execute your order.

For this purpose we might transmit on the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contractors (e.g. payment providers, fulfilment providers, customer management service providers, content management provider) in accordance with the required purposes (processing and execution of the order). Platform/hosting providers will have access to personal data from a third country (countries outside of Kenya). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Section 48, Section 49 and Section 50 of Act 2019 with these providers or they are (additionally) EU-U.S. Privacy Shield certified. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

To prevent unauthorised access to your personal data, especially financial data, the order process is encrypted using TLS technology.

In addition, you can voluntarily create a customer account through which we can store your data for future purchases. When you create such an account on the website, the data you have provided will be stored revocably. All other data, including your user account, can always be deleted in the customer area.

We may also process the information you provide in course of your purchase in our web shop to send you interesting product information based on the products you have been purchased in our web shop or to give you the possibility to rate your purchased products. We therefore send you information by e-mail in context with your purchase. This is a special form of direct marketing, in which we have a legitimate interest in strengthening consumer loyalty by suggesting appropriate and interesting product information. Besides that, we may also send you technical or other factual information in context with your purchase. You can object at any time to receiving such information by following the requirements as described in in Section 4.

We are obliged by commercial and applicable tax laws to store your address, payment and order data for a period of up to ten years.

Used Cookies: Type A. For further information, see Cookie Section.

Cookie lifetime: up to 2 years.

Maximum storage period of data: up to 14 months.

Legal basis: Section 39, Act 2019.

 

3.7 Surveys

When you participate in surveys or similar campaigns, we process the personal information for the purpose described in the consent. The data collected covers questions around the intended purpose of the survey or similar campaign, as well as additional socio-demographic information about you. You may participate without identifying yourself, unless this has been part of the consent.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform, hosting, analysts) in accordance with the purposes required (to carry out the surveys). Platform/hosting providers will have access to personal data from a third country (countries outside of Kenya). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Section 48, Section 49 and Section 50 of Act 2019 with these providers or they are (additionally) EU-U.S.

Privacy Shield certified. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Your data will be deleted after the final processing of the survey or similar campaign (see terms and conditions of participation), unless this conflicts with statutory retention obligations or statutes of limitations. Usually, data will be deleted after two years.

Legal basis: Section 25, Act 2019.


Objection or Withdrawal of Your Consent to the processing of Personal Data

If you have given your consent (Section 25, Act 2019) to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have given it to us.

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection under the above-mentioned contact details for the controller.

If we base the processing of your personal data on the weighing of interests (Section 25, Act 2019), you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the description of the functions / services. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.