Privacy Policy

1.2. Controller
Responsible for the processing of personal data within the meaning of Art. 4 (7) UK GDPR is: Beiersdorf UK, Trinity Central, Trinity Park, Birmingham, B37 7ES. (see our imprint).

Contact details of the data protection officer: [Dataprotection[at]Beiersdorf.com] or under the postal address of the controller for the attention of the “data protection officer”.

Specific data processing activities might occur under the responsibility of other controllers. It is indicated in the respective description of those activities below, where this is the case. 

1.3. Rights of the Data Subject
As data subject affected by the data processing activity, you have the following rights with regard to your personal data in accordance with the legal provisions:

• Right of access;
• Right to rectification and to erasure;
• Right to restriction of processing;
• Right to data portability; and
• Right to object.

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

When we work on your above-mentioned right, we may ask you for proof of your identity. For more information on how we process your data, see 3.1.

1.4. Recipients (general information)
Additionally to the recipients that are listed within the recipients paragraph of each section below, we transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors in accordance with the purposes required. We also forward the data to the following recipients:

-Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area or UK). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2. 

-Analytical service providers will have access to personal data from a third country (countries outside the European Economic Area or UK). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

-IT support service providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

-Authorities: In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies acc. to: Art. 6 (1) c UK GDPR (legal obligation).

Further information can be found within the recipients paragraph of each section.

When visiting and using our website we already collect personal data. You can find within this section more information about website specific processes and tools especially from external partners. Further information about processes which can also occur in an offline context can be found in section 3.

2.1. Hosting
Purpose/Information:
When visiting and using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.

Used Cookies/Tools: Type A. More information can be found in the “Cookies/Tools” section.

Recipients:
-Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area or UK). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

-Service Provider for IT-Support will have access to personal data from a third country (countries outside the European Economic Area or UK). As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

Further recipients can be found in the general recipients section 1.4.

Deletion:
The deletion of the log files takes place after 7 days.

Legal basis:
Art. 6 (1) f UK GDPR (legitimate interest)

2.2. Login functionalities
This website might provide different login functionalities as described below.

2.2.1. Centralised Login Profile
Purpose/Information: 
This website might provide you with a centralised login profile, if this feature is activated on this website and includes a separate consent during the registration process: When registering, Beiersdorf AG provides you with the opportunity to create an account with a password (login profile). This login profile will be created within the centralised brand login profile database and shall verify that you are the valid owner of the account and/or email address. This login database is in general only connected to the service you are registering to and handles only the verification part of your login profile. The login profile will therefore be forwarded to the respective local Beiersdorf company you are demanding the service for.  

If you demand additionally further services of another Beiersdorf company (e.g. registering a login profile for another country site) your login profile incl. password can be optionally reused for your demanded service within this brand. 

Used Cookies: Type A. More information can be found in the “Cookies/Tools” section.

Controller: 
Responsible for the centralised profile is Beiersdorf AG, Beiersdorfstr. 1-9, 22529 Hamburg, Germany. 

Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or under the postal address of the controller for the attention of the “data protection officer”.

Recipients:
Platform/Hosting provider. Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

Further recipients can be found in the general recipients section 1.4.

Deletion/Withdrawal:
Your login profile will be automatically deleted as soon as you have deleted your local brand account on the registered website, unless this conflicts with legal storage obligations or statutes of limitations. In cases where you are registered with this login profile to more than one local brand account, your login profile will be deleted when all your local brand accounts are deleted. An automatic deletion of local brand accounts in general take place after 24 months of inactivity. 

In case you only created this login profile without registering to a local brand account, this login profile will be automatically deleted within one day. 

Legal basis:
Art. 6 (1) a UK GDPR (consent; centralised login profile) 

2.2.2. Social Login
Purpose/Information: 
To register and log in to your account, you also have the option of authenticating yourself with your existing profile on one of the following social networks, Facebook, X, Apple or Google, and finally registering or logging in.

For this purpose, you will find on the registration page or login page the corresponding symbols of the respective social networks supported by our website. Before a connection to the social networks is established, you must expressly agree to the process and transmission of data described below:

By clicking on the respective symbol, a new pop-up window opens, in which you must log in with your login data for the social network. After you have successfully logged in, the social network provider will inform you, which data will be transmitted to us for authentication as part of the registration or login process. If you have agreed to this data transfer, the fields required by us for registration will be filled with the transmitted data. The information we require for registration or login is your email address.

Only after your express consent to the use of the transmitted and required data, your data will be stored by us and used for the purposes as stated within this Privacy Policy. There is no link beyond the authentication process between your account created with us and your account on the corresponding social network.

In order to perform the authentication process for registration and login, your IP address is transmitted to the respective social network provider. We have no influence on the purpose and scope of data collection and on the further processing of the data by the respective social network providers. 

Controller: 
In case this feature is provided within the centralised login profile functionality: Responsible for this social login feature is Beiersdorf AG, Beiersdorfstr. 1-9, 20259 Hamburg, Germany.  

Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or under the postal address of the controller for the attention of the “data protection officer”. For all other cases the controller is named under clause 1.2. above.

Recipients/Sources:

Main service providers:
-Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland
-X Corp., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
-Apple Inc., Infinite Loop, Cupertino, CA 95014, USA
-Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2. 

Further recipients can be found in the general recipients section 1.4.

Deletion:
The deletion is in the responsibility of the main service providers. 

Legal basis:
Art. 6 (1) a UK GDPR (consent)

2.3. Cookies/Tools
This website uses cookies or other technologies/tools like pixels, local storage, tags, IDs or external services (hereinafter referred to as “Cookies/Tools”) and are used on when visiting and using our website. Cookies are small text files that are stored by your browser on your device to save certain information or image files, such as pixels. The next time you visit our website on the same device, the information saved in the cookies will subsequently be accessed on your device and transmitted either to our website (“First Party Cookie”) or to another website to which the cookie belongs (“Third Party Cookie”).

Through the information saved and returned, the respective website can recognise that you have already accessed and visited it with the browser you use on that device. We use this information to be able to design and display the website in an optimum way in line with your preferences. In that respect, only the cookie itself is identified on your device. Beyond this extent, your personal data will only be saved upon your express consent or if it is strictly necessary to be able to use the service offered to and accessed by you accordingly.

This website uses the following types of cookies/tools, the scope and functionality of which are explained below:

• Type A: Technical/Audience Measurement – to ensure that the demanded service can be provided including basic analysis. (No consent necessary acc. to ePrivacy Directive 2002/58 EC).
• Type B: Functional and Performance – Additional tools to measure the performance/attractiveness of our website and to provide further additional (personalised) functionalities.
• Type C: Marketing – Cross websites tools for marketing profiling based on user behaviour.

You can find more information on in the description of the tools implemented on our websites in this privacy policy. In case this website is using a consent management platform you can additionally find further information in there.

Please note that the tools listed in the following subsection might not be constantly in use.

2.3.1. Consentmanager CMP – Central cookie management platform
Purpose/Information:
This website is using the consent management tool “Consentmanager” (www.consentmanager.net) to obtain consent for data processing and use of cookies or comparable functions. With the help of “consentmanager” you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalised advertising. With the help of “Consentmanager” you can grant or reject your consent for all or individual purposes or functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned functions and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from your end device, such as the IP address, are processed.

By processing the data, consentmanager helps us to fulfil our legal obligations (e.g. obligation to provide evidence). Our interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. “Consentmanager” stores your data as long as your user settings are active.

The provision of your personal data is required for the performance of the contract or a situation similar to a contract. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service.

Cookies/Tools: Type A. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider is Consentmanager AB, Håltegelvägen 1b, 72348 Västerås Sweden.

Further recipients can be found in the general recipients section 1.4.

Deletion:
The data will be deleted after 13 months. The choice you have made (consent/setting) will be stored for one year and can be viewed within the Cookie Settings. The Cookie Settings are located on the bottom of the main page. You can always delete your choice by deleting the cookies within your browser.

Legal basis:
Art. 6 (1) b UK GDPR (situation similar to a contract)
Art. 6 (1) c UK GDPR (when processing is necessary for compliance with a legal obligation)

2.3.2. Beiersdorf Simplicity
Purpose/Information:
This site uses an own hosted tool to analyse and regularly improve the usage of our website. It helps us to ensure that the website operates correctly especially by checking the functionalities of the website (e.g. to detect website navigation problems or to ensure enough server capacities). The statistics obtained also allow us to improve our website and make it more interesting for you as a user. Your IP-address will be automatically anonymised.

Cookies/Tools: Type A. More information can be found in the “Cookies/Tools” section.

Recipients:
Platform/hosting provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2. 

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
The collected personal data will be deleted after 1 day. Your IP-address will be anonymised immediately. You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page.

Legal basis:
Art. 6 (f) UK GDPR (legitimate interest ensuring the website operation and statistical usage)

2.3.3. Google Analytics
Purpose/Information:
This website uses Google Analytics, a web analysis service of Google Ireland Ltd. (“Google”). The configuration of Google Analytics has been modified by us to the measurement only function, unless separate consent for further advertising features has been given.

Google Analytics uses a specific form of cookie, which is stored on your computer and enables an analysis of your use of our website. The cookies set by Google Analytics for measurement are first party cookies, which means that data subjects’ cookie values will be different for each customer (i.e. there is not a single Google Analytics cookie ID that is used on all sites using Google Analytics). The information about your use of this website generated by the cookie is generally transmitted to a Google server in the USA and stored there.

Google Analytics is only used with an IP-Anonymization. The IP addresses are anonymized by default by Google and additionally by us.

Google uses this information on our behalf to analyse your use of this website in order to compile reports on website activities and provide additional services related to website and internet use.

We use Google Analytics to analyse and regularly improve the usage of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. In addition, we gain information about the functionality of our site (for example to detect navigation problems).

In the configuration of Google Analytics, we ensured that Google receives this data as a processor and is therefore not allowed to use this data for its own purposes. The “Google Analytics Advertising Features” configuration is independent from this and is described in the appropriate section below, provided it is also used on this website.

Cookies/Tools: Type B. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: Google Ireland Ltd, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2. 

Further recipients can be found in the general recipients section 1.4.

Deletion/Withdrawal:
You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page.

Cookie lifetime: up to 12 months (this applies only to cookies which have been set by this website)

Maximum storage period of data: up to 26 months.

Legal basis:
Art. 6 (1) a UK GDPR (consent)

2.3.4. A/B Testing
Purpose/Information:
This website also carries out analyses of user behaviour via a so-called A/B testing. We can show you our websites with slightly varied content, depending on your profile assignment. This enables us to analyse and regularly improve our services and make them more interesting for you as a user.

Cookies are stored on your computer for these analyses. The information collected in this way is stored exclusively on a server in the EU. You can prevent the storage of cookies by making the proper setting using your browser software.

Before the analyses are carried out, the IP addresses are further processed in abbreviated form, so that direct personal contact can be ruled out. The IP address transmitted by your browser is not merged with other data collected by us.

Cookie/Tools: Type B. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service providers: Varify Software GmbH, Germany / Peaks & Pies GmbH - Germany

Further recipients can be found in the general recipients section 1.4. 

Deletion/objection:
You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page.

Cookie lifetime: up to 2 years (this applies only for cookies which have been set by this website).

Maximum storage period of data: up to 25 months.

Legal basis:
Art. 6 (1) a UK GDPR (consent)

2.3.5. Google Ads (formerly Google Adwords)
Purpose/Information:
Google Ads Conversion

We use the services of Google Ads to draw attention to our attractive offers with the help of advertisements (so-called Google Ads) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

The advertisements are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads stores a cookie on your device. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies enable Google to recognise your Internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their device has not expired, Google and the customer can recognise that the user has clicked on the ad and has been redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Ads customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognise which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically starts a direct connection to the Google server. We have no influence on the extent and the further use of the data which are raised by the use of this tool by Google and inform you therefore according to our knowledge: By the integration of Ads conversion Google receives the information that you called the appropriate part of our internet appearance or clicked an announcement of us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.

Google Ads Remarketing

We use the remarketing function within the Google Ads service. The remarketing function allows us to present to users of our website advertisements based on their interests on websites within the Google advertising network (in Google search or on YouTube, so-called "Google ads" or on other websites). For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users even after visiting our website on other pages. To do this, Google stores cookies in the browsers of users who visit certain Google services or websites in the Google Display Network. This cookie is used to record the visits of these users. The number is used to uniquely identify a web browser on a particular device. 

Cookies/Tools: Type C. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: Google Ireland Ltd, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page.

Cookie lifetime: up to 180 days (this applies only for cookies which have been set by this website).

Legal basis:
Art. 6 (1) a UK GDPR (consent)

2.3.6. Google Analytics Advertising Features
This website also uses the extended functions of Google Analytics (Google Analytics Advertising Features) in addition to the standard functions. The Google Analytics Advertising Features implemented on this website include:

• Google Display Network Impression Reporting
• Google Analytics Demographics and Interest Reporting
• Remarketing Audiences based on specific behaviour, demographic, and interest data, sharing those lists with Google Ads
• Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers
• Google Signals in order to receive more insights about you when you are signed in to your Google account in the browser with which you are accessing this website. This feature is only active if you have additionally consented within your Google settings to the data sharing/Ads Personalisation.

We therefore use first-party cookies (e.g. Google Analytics cookies) and Google advertising cookies and identifiers together in order to optimise our website.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section. 

Information about Google Consent Mode:

Additionally, this website uses Google Consent Mode. Consent Mode sends statistical data via cookie-less pings about whether a user has clicked on an ad or link and has landed on our website (conversion). The statistical data is then used with a mathematical modelling to enhance the internal reporting. A ping contains by default technical information like the IP-address, platform type or screen resolution. As these data or the combination of it might theoretically be considered as personal data by Google Ireland Ltd, additional measures have been implemented to ensure that the ping data is not personal data: Certain information of the ping are being set to a default value by our server before sending it to Google analytics.

Recipients/Source:
Main service provider and source: Google Ireland Ltd, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2. 

Further recipients can be found in the general recipients section 1.4.

Deletion/Withdrawal:
You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page.

Cookie lifetime: up to 12 months (this applies only for cookies which have been set by this website).

Legal basis:
Art. 6 (1) a UK GDPR (consent)

2.3.7. Google Campaign Manager
Purpose/Information:
This website also uses the online marketing tool Campaign Manager by Google. Campaign Manager uses Cookies to display ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. In addition, Campaign Manager may use cookie IDs to collect so called conversions related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and buys something there.

Your browser automatically establishes a direct connection to the Google server once visiting our website. We have no influence on the extent and the further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating Campaign Manager, Google receives the information that you have called the corresponding part of our Internet presence or clicked on an advertisement from us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.

In addition to that, Campaign Manager cookies (e.g. named as DoubleClick or Floodlight)  allow us to understand whether you complete certain actions on our website(s) after viewing one of our display/video ads on Google or other platforms through Campaign Manager or clicking through one (conversion tracking). Campaign Manager uses this cookie to understand the content with which you have interacted on our website(s) in order to be able to send you targeted advertising later.

Used Cookies: Type C. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: Google Ireland Ltd, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

Further recipients can be found in the general recipients section 1.4.

Deletion/Withdrawal
You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page.

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis:
Art. 6 (1) a UK GDPR (consent)

2.3.8. Adform
Purpose/Information:
This website uses the online marketing tool Adform by Adform A/S Denmark. Adform uses tracking on our website via cookies and similar tracking technologies based on IDs (short cookie). The Adform cookie is placed on our website as soon as you have given your consent. An Adform cookie will also be placed, if you view our advertisement placed on third-party websites via Adform and you have consented to cookies on that website. 

The legal basis for the placement of Adform cookies is your consent. Personal data is collected for analytical purposes and for the purpose of optimizing and personalizing advertising campaigns for Adform’s customers, including us. The Adform cookie collects the following data from us or our advertising material: Cookie ID, device type / ID, time of clicking on the website or the advertising medium, the URL of the website or the advertising medium, information automatically sent by your device (including Language setting, IP address, demographic data) interest data, socio-demographic data associated with a cookie or other ID.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: Adform A/S, Denmark.

Joint Controllership:

We and Adform are joint controllers of the collection of personal data and their disclosure to Adform by means of the Adform cookie and as joint controllers. The agreement lays down, who is responsible for compliance with certain data protection duties and who is responsible for follow-up in relation to your data protection rights. Adform is responsible for responding to your queries and for your data protection rights (e.g. the duty to provide information, your right to object, etc). To exercise your rights, you can contact Adform at the following link. You can also contact us about this. You can withdraw your cookie consent at any time and without giving reasons, by contacting Adform or deactivate the tools as stated below.

When Adform processes the data for its own purposes, Adform is the only data controller and solely responsible for its optimizing of advertising campaigns and target groups. Adform will analyse the data collected via cookies and IDs to be able to deliver targeted advertising purchases on behalf of Adform’s customers (including us), as detailed in Adform’s Privacy Policy. Click here for additional information on Adform’s processing, including when Adform will delete your data.

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page.

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Maximum storage period of data: up to 13 months.

Legal basis:
Art. 6 (1) a UK GDPR (consent)

2.3.9. (Website) Facebook Custom Audiences / Conversion (“Facebook Pixel”)
Purpose/Information:
This website uses the so-called “Facebook Pixel” and the Conversions API of the social network “Facebook” by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the following purposes:

• Facebook (website) Custom Audiences
  We use the Facebook pixel and the Conversions API for remarketing purposes to be able to contact you again within 180 days. This allows us to display interest-based advertisements (“Facebook Ads”) to users of the website when they visit the social network “Facebook” or other websites also using this tool. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you.
  
  
• Facebook conversion
  We also use the Facebook Pixel and the Conversions API to ensure that our Facebook Ads match the potential interest of users and are not annoying. With the help of the Facebook Pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

Due to the marketing tools used (Facebook Pixel and Conversions API), your browser automatically establishes a direct connection with the Facebook server as soon as you have agreed to the use of cookies requiring your consent. Through the integration of the Facebook pixel and the usage of the Conversions API, Facebook receives the information that you have called up the corresponding website of our internet presence or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account.

The processing of this data by Facebook takes place within the framework of Facebook’s data policy. Special information and details about the Facebook pixel, the Conversions API and its functionality can also be found in the Facebook help area.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section.

Recipients:
Joint Controller:

We are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the collection and transfer of data in this process. This applies to the following purposes:

• The creation of individualised or suitable ads, as well as for their optimization
• Delivery of commercial and transaction-related messages (e.g. via Messenger)

The following processes are therefore not covered by joint controllership:

• The process that takes place after the collection and transmission is within the sole responsibility of Meta.
• The preparation of reports and analyses in aggregated and anonymised form is carried out as a Processor and is therefore within our responsibility.

We have concluded a corresponding agreement with Meta for joint controllership, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This agreement defines the respective responsibilities for fulfilling the obligation under the UK GDPR with regard to joint controllership.

The contact details of the Controller and the data protection officer of Meta can be found here: https://www.facebook.com/about/privacy.

We have agreed with Meta that Meta can be used as a contact point for the exercise of data subject rights (see Section 1.3.). Without prejudice to this, the jurisdiction of the Rights of Data Subjects is not limited.

Further information on how Meta processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy. We transfer the data within the scope of joint controllership based on the legitimate interest pursuant to Art. 6 (1) f UK GDPR.

Information on the data security conditions can be found here. https://www.facebook.com/legal/terms/data_security_terms and on processing on the basis of standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page and for logged in users at https://www.facebook.com/settings/?tab=ads#.

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis:
Art. 6 (1) a UK GDPR (consent)

2.3.10. Social Plug-ins
Purpose/Information:
Social plug-ins (“plug-ins”) of social networks (Facebook, X, Pinterest) are used on our websites, in particular the “Share” or “Share with friends” button of Facebook, whose website facebook.com is operated by Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland. The plug-ins are usually marked with a Facebook logo.

Besides Facebook, we use plug-ins from X (Provider: X Corp., 1355 Market St, Suite 900, San Francisco, CA 94103) and Pinterest (Provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland).

For data protection reasons, we have deliberately decided against utilising direct plug-ins of social networks on our websites. Instead, we use the “Shariff” solution. With the aid of Shariff, we can determine for ourselves when and whether data is transmitted to the operator of the respective social network. For this reason, there is no automatic data transmission to social networks such as Facebook, X or Pinterest once you access our website. Data will be transmitted to social networks only if you actively click on the respective social network button. In this case, your web browser starts a connection to the respective social network's servers. By clicking on the respective button (e.g. “Pass on”, “Share” or “Share with friends”) you agree that your browser will produce a link to the respective social network's servers and transmit usage data to the respective operator of the social network and vice versa. We have no influence upon the nature and extent of the data that is then gathered by the social networks.

The social network providers store the data collected about you as user profiles and use these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in providers to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

Recipients:

Main service providers:
-Meta Platforms Ireland Limited, Ireland
-X Corp., USA
-Pinterest Inc., USA.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2. 

Further recipients can be found in the general recipients section 1.4.

Deletion:
The deletion is in the responsibility of the main service providers.

Legal basis:
Art. 6 (1) a UK GDPR (consent)

2.3.11. YouTube-Videos
Purpose/Information:
We have integrated YouTube videos into our website, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transmitted to YouTube, if you do not click on the videos to start playing them. Only when you play the videos the data referred to in the next paragraph will be transferred to YouTube. We have no influence on this data transfer.

By playing the videos YouTube receives the information that you have accessed the corresponding subpage of our website and might place further tools for marketing purposes. If you are logged in to Google, your information will be directly associated with your account.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2. 

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
The deletion is in the responsibility of the main service providers.

You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page.

Legal basis:
Art. 6 (1) a UK GDPR (consent)

2.3.12. Google Tag Manager
Purpose/Information:
This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data are stored. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.

Cookie/Tools: Type A. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: Google Ireland Ltd, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2. 

Further recipients can be found in the general recipients section 1.4.

Deletion:
The Google Tag Manager does not store any personal data.

Legal basis:
Art. 6 (1) f UK GDPR (legitimate interest)

2.3.13. Google Maps
Purpose/Information:
This website uses the service Google Maps to display map material and/or show directions (e.g. in our pharmacy finder). When you use the service, information about your use of this website and your IP address is transmitted to a Google server in the USA. This takes place regardless of whether you have a Google account through which you are logged in or whether no user account exists. Google might also place further tools for marketing purposes. If you are logged in with Google account, your data will be linked directly to your account.
Further information on the purpose and scope of data collection and its processing by Google can be found at https://www.google.com/policies/privacy/.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: Google LLC, USA.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information on this topic is published here:(such as a copy of the guarantees), you can contact us as mentioned under 1.2.

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
The deletion is in the responsibility of the main service providers. You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page.

Legal basis:
Art. 6 (1) a UK GDPR (consent)

2.3.14. Friendly Captcha
Purpose/Information:
This website uses in specific cases the Friendly Captcha to avoid the usage of text fields by automated programs/bots. It helps to support the security of our website and to avoid SPAM for the users. This is also our legitimate interest and fulfils our legal obligation.

Further information: https://friendlycaptcha.com/legal/privacy-end-users/.

Cookie/Tools: Type A. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: Friendly Captcha GmbH, Germany. 

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
The IP-address will be immediately after collection anonymised.

Legal basis:
Art. 6 (1) c UK GDPR (when processing is necessary for compliance with a legal obligation)
Art. 6 (1) f UK GDPR (when processing according to the legitimate interest described above)

2.3.15. LinkedIn Insight Tag
Information/purpose:
We use the LinkedIn Insight Tag on this website. The LinkedIn Insight Tag collects metadata such as URL, IP address, timestamp, device and browser characteristics in order to produce insights and campaign reporting. We are not able to identify you through these reports. LinkedIn provides only reports and alerts (which do not identify you) about the website audience and ad performance. You can control the use of your personal data for advertising purposes through your LinkedIn account settings.

Further information:
https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/legal/cookie-policy
https://www.linkedin.com/legal/l/cookie-table

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: LinkedIn Ireland Unlimited Company, Ireland.

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

Further recipients can be found in the general recipients section 1.4.

Deletion/withdrawal:
You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page.

Cookie lifetime: up to 90 days after last interaction (this applies only to cookies which have been set by this website)

Legal basis:
Art. 6 (1) a UK GDPR (consent)

In addition to the online use of our website, we offer various other services, for which we process your personal data also in an offline context.

3.1. Contacting/Communication/Collaboration
Purpose/Information:
When communicating and/or collaboration with us, e.g. by email or via contact form on our website or a data exchange platform, the data you provide (your email address, if applicable your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to e.g. answer your questions, requests or for the purpose of business related correspondence.  

We may ask you when you contact us by telephone whether the telephone call may be recorded for quality assurance and training measures. If you agree to the recording, we will process all information that you share with us during the call (communication content, possibly also sensitive (health) data, as well as your phone number and other personal data).

When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request. 

The provision of your personal data is required for the performance of the contract or a situation similar to a contract. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service. 

Business partner only:
With regard to the cooperation with our suppliers, we have implemented an internal evaluation process which, in our legitimate interest, is intended to improve the business relationship by developing an "action plan". As a rule, we only process information about the company, but conclusions can be drawn about you as the contact person, if the communication with suppliers is examined with regard to response times, reliability and transparency.

Specific processing purposes are listed in the “Recipients and sources” section below based on the third parties used in the process.

Recipients and sources: 
We transfer the data to the following recipients:

-        Customer/Consumer service providers
-        Platform/hosting provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2. 

Further recipients can be found in the general recipients section 1.4.

Business partner only:
In order to combat terrorism, we are obliged by law to carry out a comparison with sanctions lists. Therefore, we also process your data to meet legal requirements for comparison with these lists. Furthermore, we process your data in the Beiersdorf Group for the prevention and investigation of criminal offences and other misconduct, the assessment and control of risks, for internal communication and for corresponding administrative purposes. If an affiliated company reports a need to work with you as a supplier, we will share our experiences from working with you with the affiliated company.

We will compare your data against published lists of misleading suppliers (e.g. warning lists of World Intellectual Property Organization and Bundesanzeiger Verlag GmbH) to make an informed decision about potential payments. We also regularly check your creditworthiness in certain cases (e.g. when concluding contracts). Our legitimate interest is the minimization of the financial risk. We cooperate with credit agencies (e.g. Dun & Bradstreet Deutschland GmbH (“D&B”), Germany) from which we receive the necessary data. For this purpose, we transmit your name and contact details or the D&B D-U-N-S® number assigned to your company to the credit agencies. In our legitimate interest in faster data entry, D&B provides us with addresses of our business partners. EcoVadis SAS, France provides us with a sustainability risk assessment to meet legal requirements and in our legitimate interest. Depending on the result, a longer sustainability assessment may result.

It may be necessary to transfer your personal data to prospective buyers as part of a company transaction. In the course of due diligence, usually anonymised data is processed. However, it may be necessary in specific individual cases to process personal data. Our legitimate interest lies in the execution of the company transaction.

Deletion/Objection:
We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed.

In case of consumer inquiries through our internal consumer management tool the personal data will be usually deleted after one year, if no other legal retention periods apply. As an exception, the data will be kept longer if the data is necessary for the establishment, exercise or defence of legal claims.

Call recordings are stored for a maximum of 90 days.

You can object to these processes according to the requirements under 4.

Legal basis:
Art. 6 (1) a UK GDPR in conjunction with Art. 9 (2) a UK GDPR (consent: telephone recording)
Art. 6 (1) b UK GDPR in conjunction with Art. 9 (2) f UK GDPR (when processing in the context of a contract or a situation similar to a contract)  
Art. 6 (1) c UK GDPR (when processing is necessary for compliance with a legal obligation)
Art. 6 (1) f UK GDPR in conjunction with Art. 9 (2) f UK GDPR (when processing according to the legitimate interest described above)  

3.2. Campaigns (e.g. Sweepstakes, Product Tests)
Purpose/Information:
When you participate in sweepstakes or similar campaigns, we use the personal information you provide to conduct the campaign. Further information on the purposes can be found in the respective terms and conditions of the campaign.

The provision of your personal data is required for the performance of the contract or a situation similar to a contract. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service.

Recipients:
-Platform/hosting provider
-Consumer service provider
-Shipping service provider (e.g. for sending samples, prises)
-External agencies for support in campaigns
-Payment provider (e.g. cashback)

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

Further recipients can be found in the general recipients section 1.4.

Deletion:
Your data will be deleted after the final processing of the campaign (see terms and conditions of participation), unless this conflicts with statutory retention obligations or statutes of limitations.

Legal basis:
Art. 6 (1) b UK GDPR (situation similar to a contract)

3.3. Postal mailings
Purpose/Information:
As a selected customer, business partner, test person and/or consumer, you will also receive individual product information, offers, news and product samples from us by post (letter).

This is a special form of direct marketing, which is also our legitimate interest and intensifies loyalty by providing the above-mentioned persons exclusive information.

Recipients:
-Platform/hosting provider
-Communication service provider
-Shipping service provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

Further recipients can be found in the general recipients section 1.4.

Deletion/Objection:
Your data will be deleted as soon as you have unsubscribed, unless this conflicts with legal storage obligations or statutes of limitations. You can unsubscribe or object to further postal mailings as stated within the letter or in the section objection below. We further delete your personal data at the latest automatically after 24 months inactivity (e.g. when you do not use the sent coupons).

Legal basis:
Art. 6 (1) f UK GDPR (legitimate interest)

3.4. Surveys
Purpose/Information:
When you participate in surveys or similar campaigns, we process the personal information for the purpose described in the consent. The collected data covers questions around the intended purpose of the survey or similar campaign, as well as additional socio-demographic information about you. You may participate without identifying yourself, unless this has been part of the consent.

For some surveys it is necessary to ensure technically that no double participation or resumption of the survey is possible. This can be done, for example, through the use of individualised links or cookies.

Cookies used: Type A. More information can be found in the “Cookies/Tools” section.

Recipients:
-Platform/hosting providers
-Consumer management service provider
-External agencies for survey support

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 UK GDPR were concluded, which may include the UK’s Addendum to the standard contractual clauses or the UK’s International Data Transfer Agreement. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

Further recipients can be found in the general recipients section 1.4.

Deletion:
Your data will be deleted after the final processing of the survey or similar campaign (see terms and conditions of participation), unless this conflicts with statutory retention obligations or statutes of limitations. Usually, data will be deleted after two years.

Cookie lifetime: up to 180 days (this applies only to cookies which have been set by this website).

Legal basis:
Art. 6 (1) a UK GDPR (consent)

3.5. Data Privacy Statement for applicants (recruitment)
For more information about the application process please go to our dedicated Data Privacy Statement for applicants (recruitment) on our corporate Beiersdorf website.

If you have given your consent (Art. 6 (1) a UK GDPR) to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have given it to us.

If we base the processing of your personal data on the weighing of interests (Art. 6 (1) f UK GDPR), you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the description of the functions / services. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.  

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection under the above-mentioned contact details for the controller.