THE PROTECTION OF YOUR DATA IS IMPORTANT TO US!

For NIVEA not only the care and protection of your skin is important. We also attach great importance to the protection of your personal data. That's why we respect your privacy and want you to be able to trust us as much when it comes to data protection as when it comes to skin care. We always inform you transparently about what we need your data for and if and for how long we store it. This allows you to decide for yourself for which purposes we may use your data. To ensure the best possible security, the information is always transmitted to us in encrypted form. If you no longer wish us to use your data, please let us know informally, for example by email.



1. General Information

The purpose of this privacy policy is to provide you with information concerning the processing of personal data when using our app and related services. This privacy policy applies to all apps or services that refer to this privacy policy.

1.1. Processing of Personal Data

Personal data within the meaning of Art. 4 of the EU General Data Protection Regulation (GDPR) are all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc.

1.2. Controller

Responsible for the processing of personal data within the meaning of Art. 4 (7) GDPR is: Beiersdorf AG, Unnastraße 48, 20253 Hamburg; info[at]beiersdorf.com (see our imprint).

Contact details of the data protection officer: Dataprotection[at]Beiersdorf.com or under the postal address of the controller for the attention of the “data protection officer”.

1.3. Rights of the Data Subject

As a data subject affected by the data processing activity, you have the following rights with regard to your personal data in accordance with the legal provisions:

  • Right of access;
  • Right to rectification and to erasure;
  • Right to restriction of processing;
  • Right to data portability; and
  • Right to object.

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

When we process a request to exercise your above-mentioned rights, we may ask you for proof of your identity. For more information on how we process your data, see 3.1.

1.4. Disclosure to Authority

In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies.

Legal basis: Art. 6 (1) c GDPR (legal obligation)


2. Collection and Processing of Personal Data when visiting our App

The mobile app is downloaded to your mobile device and can be used without access to the Internet.

The following data is stored locally on your mobile device. When using the app this data is only stored until you delete the app on your mobile device:

- Push notifications were allowed by the user (Yes/No)

- Access to the camera of the device was allowed by the user (Yes/No)

- Access to the microphone of the device was allowed by the user (Yes/No)

- Access to the camera or microphone of the device has been denied by the user (Yes/No)

- Recording of data for the use of the application was rejected by the user (Yes/No)

When the app is uninstalled, these data will be deleted.

When using the mobile app, we collect the personal data that enables convenient use of the functions. If you want to use our mobile app, we collect the data that is technically necessary for us to offer you the functions of our mobile app and to guarantee stability and security.

When downloading our mobile app, all required information will be transferred to the App Store, in particular the user name, email address and customer number of your account, timestamp of download, payment information and the individual device code number. We have no influence on this data collection and are not responsible for it. We only process the data if it is necessary for downloading the mobile app to your mobile device.

The data you provide us with will only be stored by us for as long as it is necessary for the fulfilment of the respective purpose or for compliance with legal regulations.

Legal basis:

Art. 6 (1) b GDPR (situation similar to a contract)

2.1. Access permissions to functions on your mobile device

The app accesses only those functions of your smartphone or tablet ("device") that are required for the described purposes.

Before accessing the respective functions, the following access rights are requested from you:

  • Access to the camera for the “Augmented Reality” function. The data from this function will not be stored.
  • Access to the microphone for the “Augmented Reality” function. The data from this function will not be stored.

Legal basis:

Art. 6 (1) b GDPR (situation similar to a contract)

Art. 6 (1) a GDPR (consent)

2.2. Changes to your personal settings

You can revoke or reassign the access authorizations granted to your mobile device at any time under your personal settings (to be found under “Data protection”). If you remove individual access rights from the app, the app can no longer be used.

2.3. Push Notifications

If you have agreed to push notifications, we will send you messages with reminders regarding on your device. You see these messages on the lock screen as an active window while using your mobile device and highlighted on the app-icon of your mobile device.

You can withdraw your consent to the receipt of push notifications at any time in the personal settings of your device and switch them off accordingly.

Legal basis:

Art. 6 (1) a GDPR (consent)

2.4. App Analytics

2.4.1 Google Analytics

Purpose/Information:

This app uses Google Analytics, a web analysis service of Google Ireland Ltd. (“Google”). Google Analytics uses a specific form of cookie, which is stored on your computer and enables an analysis of your use of our app. The information about your use of this app generated by the cookie is generally transmitted to a Google server in the USA and stored there.

We would like to point out that Google Analytics has been expanded on this app to include the code “gat._anonymizeIp();” to ensure the anonymized recording of IP addresses (so-called IP masking). Due to the IP anonymization on this app, your IP address is shortened by Google within the territory of the EU and the Treaty States of the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

Google uses this information on our behalf to analyze your use of this app in order to compile reports on app activities and provide additional services related to app and internet use. Google may also transfer this information to third parties as required by law or if said third parties process this data on behalf of Google. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

We use Google Analytics to analyse and regularly improve the usage of our app. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. In addition, we gain information about the functionality of our site (for example to detect navigation problems).

In the configuration of Google Analytics, we ensured that Google receives this data as a processor and is therefore not allowed to use this data for its own purposes. The "Google Analytics Advertising Features" configuration is independent from this and is described in the appropriate section below, provided it is also used on this app.

Recipients:

Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Google Analytics Terms of Service: https://www.google.com/analytics/terms/gb.html, General overview on Google Analytics security and privacy principles: https://support.google.com/analytics/answer/6004245?hl=en, as well as Google’s privacy policy: https://policies.google.com/privacy?hl=en. Google has submitted itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

Deletion/Withdrawal:

You can deactivate Google Analytics within the menu of the app.

Cookie lifetime: up to 12 months (this applies only to cookies which have been set by this app)

Maximum storage period of data: up to 26 months.

Legal basis:

Art. 6 (1) a GDPR (consent)


3. Further services offered (on- and offline)

In addition to the purely informational use of our app, we offer various other services, for which we process your personal data.

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below.

External service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.

We may also disclose your personal data to third parties when we offer promotions, sweepstakes, contracts or similar services in conjunction with partners. Further information can be obtained at the time when you provide the data or in the description of the services below.

If our service providers are based in a country outside the European Economic Area (EEA), international data transfers can occur. We will inform you of the consequences of this circumstance in the description of the service below.

3.1. Contacting/Communication/Collaboration

Purpose/Information:

When communicating and/or collaborating with us, e.g. by email, via the contact form on our app or via a data exchange platform, whether as a consumer, test person, business partner or customer, the data you provide (your email address, if applicable your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to e.g. answer your questions or requests, or for the purpose of business related correspondence.

When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request.

Recipients:

In order to combat terrorism, we are obliged by law to carry out a comparison with sanctions lists. Therefore, we also process your data to meet legal requirements for comparison with these lists. Furthermore, we process your data in the Beiersdorf Group for the prevention and investigation of criminal offences and other misconduct, the assessment and control of risks, for internal communication and for corresponding administrative purposes. If you are a business partner, we regularly check your creditworthiness in certain cases (e.g. when concluding contracts). Our legitimate interest is the minimization of the financial risk. For this purpose, we cooperate with credit agencies from which we receive the necessary data. For this purpose we transmit your name and your contact data to the credit agencies.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. hosting, call center service providers) in accordance with the purposes required (e.g. for establishing contacts, business related correspondence and customer care). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers or they are (additionally) EU-U.S. Privacy Shield certified. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion/Objection:

We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed.

In the case of consumer inquiries through our internal consumer management tool, the personal data will usually be deleted after one year. As an exception, the data will be kept longer if the data is necessary for the establishment, exercise or defence of legal claims.

You can object to these processes according to the requirements under 4.

Legal basis:

Art. 6 (1) b GDPR (when processing in the context of a contract or a situation similar to a contract)

Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation)

Art. 6 (1) f GDPR (when processing according to the legitimate interest described above)


4. Objection or Withdrawal of your consent to the Processing of Personal Data

If you have given your consent (Art. 6 (1) a GDPR) to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have given it to us.

If we base the processing of your personal data on the weighing of interests (Art. 6 (1) f GDPR), you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the description of the functions / services. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection under the above-mentioned contact details for the controller.