0 min read
Show more

 

PRIVACY POLICY

THE PROTECTION OF YOUR DATA IS IMPORTANT TO US!

For us is not only the care and protection of your skin important. We also attach great importance to the protection of your personal data. That's why we respect your privacy and want you to be able to trust us as much when it comes to data protection as when it comes to skin care. We always inform you transparently about what we need your data for and if and for how long we store it. 

1.General Information

The purpose of this privacy policy is to provide you with information concerning the processing of personal data when using our website and related services. This privacy policy applies to all websites or services that refer to this privacy policy.

         1.1.Processing of Personal Data

Personal data (in short data) within the meaning of Art. 4 of the EU General Data Protection Regulation (GDPR) are all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc.

         1.2. Controller

         Responsible for the processing of personal data within the meaning of Art. 4 (7) GDPR is:
         Beiersdorf AG, Unnastraße 48 20245 Hamburg, Germany Telephone: +4904049090
 
        Contact details of the data protection officer: [Dataprotection[at]Beiersdorf.com] or under the postal address of the controller for the attention of the “data protection                       officer”.
        Specific data processing activities might occur under the responsibility of other controllers. It is indicated in the respective description of those activities below, where this            is            the case. 

        1.3. Rights of the Data Subject

As data subject affected by the data processing activity, you have the following rights with regard to your personal data in accordance with the legal provisions:

  • Right of access;
  • Right to rectification and to erasure;
  • Right to restriction of processing;
  • Right to data portability; and
  • Right to object.

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

When we work on your above-mentioned right, we may ask you for proof of your identity. For more information on how we process your data, see 3.1

1.4. Recipients (general information)

Additionally to the recipients that are listed within the recipients paragraph of each section below, we transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors in accordance with the purposes required. We also forward the data to the following recipients:
-Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. 
-Analytical service providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.
-IT support service providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.
-Authorities: In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies acc. to: Art. 6 (1) c GDPR (legal obligation).
Further information can be found within the recipients paragraph of each section.


2. Collection and Processing of Personal Data when visiting our Website

When visiting and using our website we already collect personal data. You can find within this section more information about website specific processes and tools especially from external partners. Further information about processes which can also occur in an offline context can be found in section 3.

2.1 Login functionalities

Purpose/Information:

You entered this website through the OneKey HealthCare Authenticator by registering or logging in to your account and are then verified as a healthcare professional. 
OneKey will inform you, which data will be transmitted to us for authentication as part of the registration or login process. 
Only after your express consent to the use of the transmitted and required data, your data will be stored by us and used for the purposes as stated within this Privacy Policy. 
Controller:  
IQVIA Commercial GmbH & Co OHG, Unterschweinstiege 2-14, 60549 Frankfurt/Main, Germany is responsible for data processing through the OneKey HealthCare Authenticator
The controller can be reached here:
https://www.healthcaresdks.com/en/contact-us

2.2 meetyoo Event Platform

Purpose/Information:
We use the Event Platform from the service provider meetyoo conferencing GmbH, Friedrichstrasse 200, 10117 Berlin, Germany (hereinafter meetyoo), with which this virtual event is organized.

The data processing by the processor meetyoo takes place on servers in data centres in the European Union. In this context, we ensure by means of data processing agreements in accordance with Art. 28 GDPR that comprehensive technical and organisational measures are implemented that comply with the currently applicable state of the art of IT security, e.g. with regard to access authorisation and end-to-end encryption concepts for data lines, databases and servers.

We process the following personal data for the following purposes:


Log files
When you register on log into the website, server log files (IP address, technical information about the terminal device used and the browser used, including version and any plugins installed as well as fonts, data volumes, technical information about data transmission, such as access status/HTTP status code) are processed. In addition, technical error codes as well as the date and time of dial-up and time zone are processed. This serves to identify and prevent cases of misuse (e.g. in the event that a third party misuses your data and registers on our site with this data without your knowledge). 

Participation in the virtual event
During your participation in the virtual event, we store the above-mentioned server log files as well as your interactions during your participation in the virtual event (e.g. downloads made, inquiries made). This data is used to allow an evaluation of the event. Specifically, this data is used for the following purposes:

  Use of personal data for personalised marketing
  We will receive from meetyoo your registration data and data about your activities during the virtual event (e.g. data about your visit to a certain virtual booth or                  download of a certain information, replies to a survey) to the extent that you have provided a declaration of consent for this as part of the registration process. 
 This also applies to the use of personal data for personalised marketing purposes. 

Withdrawal:
You can withdraw this consent at any time with effect for the future by sending an email to consent[at]Beiersdorf.com.

Deletion
Registration data Log files will be stored as long as it is necessary for the use of the service. The personal data collected in connection with your registration and participation in the virtual event, including the submission of feedback or questions, will be deleted no later than 3 years after your last activity with us.

Legal basis: 
Art. 6 (1) a GDPR (consent)

 

3. Further services offered (on- and offline)  

In addition to the online use of our website, we offer various other services, for which we process your personal data also in an offline context.

Contrary to 1.2, in some cases a Beiersdorf Company is Controller for the services offered below, which has already been named to you as part of the communication. If reference is therefore made to sections of this privacy policy, e.g. by link, and a Controller has already been named, e.g. in the footer/signature of an email or campaign card, this person is the Controller in accordance with. Art. 4 No. 7 GDPR. 

        3.1 Contacting/Communication/Collaboration

Purpose/Information:  
When communicating and/or collaboration with us, e.g. by email or via contact form on our website, data exchange platform, be it e.g. as a consumer, test person, business partner or customer, the data you provide (your email address, if applicable your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to e.g. answer your questions, requests or for the purpose of business related correspondence.

With regard to the cooperation with our suppliers, we have implemented an internal evaluation process which, in our legitimate interest, is intended to improve the business relationship by developing an "action plan". As a rule, we only process information about the company, but conclusions can be drawn about you as the contact person, if the communication with suppliers is examined with regard to response times, reliability and transparency.

We may ask you when you contact us by telephone as a consumer whether the telephone call may be recorded for quality assurance and training measures. If you agree to the recording, we will process all information that you share with us during the call (communication content, possibly also sensitive (health) data, as well as your phone number and other personal data).

When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request.

Controller:
If you purchase products in the eShop Beiersdorf NV, De Passage 126-136, 1101 AX Amsterdam, Netherlands, Beiersdorf NV is responsible for the data processing described in this clause. This applies also to any questions about your order that you might ask through the contact form provided in the eShop.

For all other cases of contacting/communication/collaboration is the controller named under clause 1.2 above.

Recipients and sources:
In order to combat terrorism, we are obliged by law to carry out a comparison with sanctions lists. Therefore, we also process your data to meet legal requirements for comparison with these lists. Furthermore, we process your data in the Beiersdorf Group for the prevention and investigation of criminal offences and other misconduct, the assessment and control of risks, for internal communication and for corresponding administrative purposes. If an affiliated company reports a need to work with you as a supplier, we will share our experiences from working with you with the affiliated company.

If you are a business partner, we will compare your data against published lists of misleading suppliers (e.g. warning lists of World Intellectual Property Organization and Bundesanzeiger Verlag GmbH) to make an informed decision about potential payments. We also regularly check your creditworthiness in certain cases (e.g. when concluding contracts). Our legitimate interest is the minimization of the financial risk. For this purpose, we cooperate with credit agencies from which we receive the necessary data. For this purpose we transmit your name and your contact data to the credit agencies.

If you are a business customer or partner, it may be necessary to transfer your personal data to prospective buyers as part of a company transaction. In the course of due diligence, usually anonymised data is processed. However, it may be necessary in specific individual cases to process personal data. Our legitimate interest lies in the execution of the company transaction.

Additionally we transfer the data to the following recipients:

  • Customer/Consumer service providers
  • Platform/hosting provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients can be found in the general recipients section 1.4.

Deletion /Objection:
We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed.

In case of consumer inquiries through our internal consumer management tool the personal data will be usually deleted after one year, if no other legal retention periods apply. As an exception, the data will be kept longer if the data is necessary for the establishment, exercise or defence of legal claims.

Call recordings are stored for a maximum of 90 days.

You can object to these processes according to the requirements under 4

Legal basis:
Art. 6 (1) a GDPR in conjunction with Art. 9 (2) a GDPR (consent: telephone recording)

Art. 6 (1) b GDPR (when processing in the context of a contract or a situation similar to a contract)

Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation)

Art. 6 (1) f GDPR (when processing according to the legitimate interest described above)

 

4. Objection or Withdrawal of your consent to the Processing of Personal Data 

If you have given your consent (Art. 6 (1) a GDPR) to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have given it to us.

If we base the processing of your personal data on the weighing of interests (Art. 6 (1) f GDPR), you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the description of the functions / services. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection under the above-mentioned contact details for the controller.