1. Institution responsible
The institution responsible for collecting, processing and using personal data within the meaning of the Federal Data Protection Act (BDSG) is:
Beiersdorf Australia Ltd.
ABN 98 000 025 623
4 Khartoum Road
T: +61 2 9888 0977
The purpose of this data privacy statement is to provide you with information concerning the collection, processing and use (hereinafter referred to as “use”) of personal data. You can find out here how to oppose the use of your personal data in accordance with the applicable data privacy provisions.
2. Collection and use of personal dataPersonal data is information that identifies you, such as your name, e-mail or postal addresses. Beiersdorf does not collect personal data from you except when you specifically provide such data (e.g. when subscribing to e-mail newsletters, taking part in a survey, competition or sweepstake, ordering samples or brochures, or requesting for information) and consent to its use.
We store, use, or transfer your personal data only accordingly to your consent and to the extent – with respect to content and time – needed in each specific case, e.g. to respond to your questions or concerns, to fulfill your requests or to inform you about the results of a competition or sweepstake.
If you have agreed to a user profile being created using the sample declaration shown in the above box, we will use your data in the following ways:
- As a registered NIVEA customer, you have the opportunity to order from our webshop more rapidly and conveniently. When you register we will furthermore set up a user profile for you, in which all your previous and future activities on our website will be compiled (participation in prize draws, subscribing to the NIVEA newsletter, orders from the webshop, ratings submitted etc.). Your personalised user profile provides us with the opportunity to be able to offer you highly individualised content concerning our products and services. The components and content of your user profile are visible for you at all times. As a registered user you can also submit ratings on our products. In that respect, we will display your first names and the rating you submitted.
If we wish to use the data stored in your customer account for promotional purposes, we will always obtain your additional express consent (via a subscription to the NIVEA newsletter or NIVEA FOR ME, see below).
Should you no longer be interested in having a NIVEA customer account, you can delete it at any time. For this purpose, please log in to your customer account and carry out the deregistration process, or send us your revocation of consent to keeping the customer account (opt out notification) by e-mail.
b. NIVEA Newsletter
If you have subscribed to the NIVEA newsletter and have agreed to the declaration shown in the above box, we will use your data in the following ways:
The NIVEA newsletter contains news, offers and other information from NIVEA or other brands of Beiersdorf (e.g. Labello, 8x4) and Beiersdorf Hautpflege GmbH (hereinafter referred to as “NIVEA Haus”). In the NIVEA newsletter you will receive individualised advertising about our products or services, or proposals for participating in campaigns such as prize draws or product tests.By registering for the NIVEA newsletter you declare that you are in agreement that, in order to put together a personalised compilation of news, offers and other information for the NIVEA newsletter and deliver this to you, we evaluate your purchasing and clicking patterns on our websites so that we can compile a newsletter for you that is customised in line with your requirements and interests. Your details are also saved and used for market research and promotional purposes. For this purpose we will only contact you by e-mail. Finally, we will also use your data to analyse and improve the effectiveness of our websites.
- Should you no longer wish to receive the NIVEA newsletter, you can opt out from receiving the newsletter at any time and accordingly unsubscribe from it. To do that, please click on the link included in every newsletter. You will then be taken through the unsubscribing process, or you can send us your revocation of consent to receiving the newsletter (opt out notification) by e-mail.
c. NIVEA FOR ME (customer loyalty programme)
If you wish to take part in the NIVEA FOR ME loyalty programme and have agreed to the sample declaration shown in the above box, we will use your data in the following ways:
NIVEA FOR ME, the NIVEA world of experience, is specially orientated towards the requirements of women. By taking part you will receive the personal customer magazine, product samples and special offers from NIVEA and other brands of Beiersdorf (e.g. Labello, 8x4) and Beiersdorf Hautpflege GmbH (“NIVEA Haus”) regularly by e-mail and/or by post.
By registering, you declare that you are in agreement with your details being saved and used for market research and promotional purposes. We can then send you individualised advertising about our products or services, or invite you to take part in campaigns such as competitions or product tests. For this purpose, we will contact you via those channels of communication that you specify to us in connection with your consent to being contacted, such as by e-mail, if you provide us with your e-mail address. Finally, we will also use your data to analyse and improve the effectiveness of our websites.
Should you no longer be interested in NIVEA FOR ME, you can unsubscribe at any time. For this purpose, please log in to your customer account and carry out the deregistration process, or send us your revocation of consent to take part in NIVEA FOR ME (opt out notification) by e-mail.
3. Period of time for which your data is storedThe data provided by us will only be stored by us as long as is necessary for fulfilling the respective purpose for which you have transmitted your data to us, or for complying with statutory provisions.
If you have given us your express consent to use your personal data for promotional purposes (subscribing to the NIVEA newsletter or to NIVEA FOR ME), we will use your data for such purposes until such time as you revoke your consent. You may revoke the consent granted by you at any time with effect for the future.
4. Protection of your data when ordering and paying in the online shopIf you order products in our webshop either as a guest or a registered user, your personal data will only be transmitted in encrypted form. The payment processing is also in line with the highest security requirements. All data is transmitted encrypted, and is thereby protected from unauthorised access by third parties. Your credit and debit card data will, moreover, be processed and stored in accordance with the most stringent security requirements in the credit card industry, i.e. the Payment Card Industry Data Security Standard (abbreviated to “PCI DSS”), by the certified Payment Service Provider ConCardis GmbH (with registered office in Germany).
If you have decided on PayPal or immediate bank transfer as your method of payment, you declare that you are in agreement with your order data being gathered by PayPal (Europe) S.à r.l. et Cie, S.C.A. (with registered office in Luxembourg) or by Sofort AG, (with registered office in Germany) and processed for the purpose of handling the payment processing. The data privacy statements of the respective payment service providers shall apply.
If you have decided on giropay as your method of payment, you declare that you are in agreement that the IBAN and BIC data entered by you is transmitted to giropay GmbH (with registered office in Germany) in encrypted form for the purpose of handling the payment processing. The data transmitted will then be processed by giropay GmbH for this purpose. In such a case, the data privacy statement of the payment service provider shall also apply.
5. Limited passing on of data
When processing your request, it may be necessary for Beiersdorf to pass on your personal data to other affiliated companies within the Beiersdorf Group or an external service provider, also in respective European countries outside the EU, that exclusively act on our behalf. Such service providers may, for example, be commissioned with sending you product samples, distributing promotional materials or handling competitions or your order placed at our webshop, e.g. the shipping of the goods. Beiersdorf requires all affiliated companies within the Beiersdorf Group and its external service providers to keep your personal data exclusively in line with our specifications, and in compliance with this data privacy statement, as well as the statutory requirements on order data processing.
Furthermore, if you make an appointment with NIVEA Haus on our website, we will transmit your data that is required for that purpose to our 100% subsidiary, Beiersdorf Hautpflege GmbH, which operates NIVEA Haus, in accordance with the standards of this data privacy statement and the corresponding statutory regulations. Your data will only be saved and used for the purpose of your appointment.
Otherwise, we neither pass on personal data to third parties without your permission nor do we sell or lease data. We do, however, reserve the right to disclose information about you if we are legally obliged to do so or if we are requested to hand it over by legitimately acting authorities or criminal prosecution institutions.
Cookies for use-based online advertising
Here is how you can prevent cookies from being stored on your hard drive and/or delete them
Cookies used by us
We reserve the right to also use information that we have obtained by means of cookies from an analysis of the usage behaviour of visitors to our websites to show you specific advertising for certain of our products on our own websites. We believe that you as the user will benefit from this, because we show you advertising or content which, based on your user behaviour, we have reason to assume matches your interests, and you are therefore shown less randomly scattered advertising or certain content that could interest you less.
We as a company have voluntarily subjected ourselves to self-regulation of the German Data Privacy Council for Online Advertising (DDOW). You can find the self-regulatory code applicable to us and further information at this link: www.meine-cookies.org/ddow.html.
You can set your web browser in such a way that cookies are prevented from being saved to your hard drive and/or you are asked each time whether you are in agreement with cookies being enabled. You can also at any time delete cookies that have been enabled again. You can find out how all this works in detail from your browser’s operating manual. You will find an explanation in words and pictures for the web browsers Firefox, Microsoft Internet Explorer and Google Chrome at this link: http://www.meine-cookies.org/cookies_verwalten/index.html. If you not allow cookies to be stored, this may lead to functional restrictions of our website.
(1) Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses a specific form of “cookie,”i.e. text file, which is stored on your computer and enables an analysis of your use of the website. The information about your use of this website generated by the cookie is generally transmitted to a Google server in the USA and stored there. We would like to point out that Google Analytics has been expanded on this website to include the code “gat._anonymizeIp();” to ensure the anonymized recording of IP addresses (so-called IP masking). Due to the IP anonymization on this website, your IP address is shortened by Google within the territory of the EU and the Treaty States of the European Economic Community. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
(2) Google AdWords
This website uses Google AdWords, an analysis service of Google, and conversion tracking, which is part of Google AdWords. This is how it works: When you click on an advertisement displayed by Google, Google AdWords stores a cookie for conversion tracking (a “conversion cookie”) on the hard drive of your computer. Such cookies lose their validity after 30 days and do not make it possible for you to be personally identified. Should you visit certain pages on our website, we and Google can recognise that you have clicked on the advertisement and were re-directed to this page.
The information obtained by way of the conversion cookies serves the purpose of generating statistics for AdWords customers who utilise conversion tracking. Through these statistics we find out the total number of users who have clicked on the advertisement displayed by Google and accessed a page with a conversion tracking tag.
We also use Google Analytics to analyze data from AdWords and any cookies from “DoubleClick”for statistical purposes. If you do not want this to be done, you can deactivate it with the Ad Preferences Manager (https://www.google.com/settings/u/0/ads?hl=en).
For further information on the terms and conditions of use and data privacy with regard to Google AdWords, please visit: http://www.google.de/policies/technologies/ads/.
(3) Google DoubleClick
We use the Google DoubleClick function on our websites in order to evaluate the use of the website and make it possible for us, Google and other advertisers who co-operate with DoubleClick to be able to present to you with user-relevant advertising. For this purpose, a cookie is installed on the hard drive of your computer. With the aid of such cookies, your browser is allocated an anonymous identification number, and information on the advertising shown in your browser and its being accessed is collected. The information generated by the cookie on your use of websites is usually transferred to a Google server in the USA and saved there. Based on the information collected, interest-related categories are allocated to your browser. These categories are used to display interest-related advertisements.
Besides changing your browser settings, you can also permanently deactivate the DoubleClick cookie with the aid of a browser plug-in. With the plug-in, your deactivation settings for this browser are retained, even if you delete all cookies. You can obtain the browser plug-in for permanent deactivation here.
By using our website, you agree to the DoubleClick cookie being inserted and thus usage data from you being collected, saved and used in the manner described above for the purpose specified. You moreover agree that your data will be stored in cookies beyond the end of the browser session and can for example be accessed again when you next visit websites. You can revoke this consent at any time with effect for the future by deleting the DoubleClick cookie and permanently deactivating it.
7. Social plug-ins/integration through Shariff
Social plug-ins (“plug-ins”) of social networks are used on our websites, in particular the “Share” or “Share with friends” button of the provider “Facebook“, whose website facebook.com is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, is responsible for the German website, facebook.de. The plug-ins are usually marked with a Facebook logo. Besides Facebook, we use plug-ins from “Google+” (Provider: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA), “Twitter” (Provider: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103) and “Pinterest” (Provider: Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA).
For data privacy reasons, we have deliberately decided against utilising direct plug-ins of social networks on our websites. Instead, we use the “Shariff” solution. With the aid of Shariff, we can determine for ourselves when and whether data is transmitted to the operator of the respective social networks. For this reason there is essentially no data automatically transmitted to social networks such as Facebook, Google+, Twitter or Pinterest when you access our website. Only if you yourself actively click on the respective button does your web browser produce a connection to the respective social network's servers, i.e. by clicking on the respective button (e.g. “Pass on”, “Share” or “Share with friends”) you agree that your web browser will produce a link to the respective social network's servers and transmit usage data to the respective operator of the social network.
8. Social log-in
When registering for or logging into to the NIVEA customer account, you also have the option of authenticating yourself and thereafter registering or logging in with your existing profile at one of the following social networks: Facebook, Twitter or Google+.
For this purpose, you will find the corresponding symbols of the respective providers of the social networks supported by our website on the registration page or login page. Before a connection to the provider is established, you need to explicitly declare that you are in agreement with the process and data transmission described below:
When you click on the respective symbol, a new window (app) opens where you need to log in with your login data for the social network. After you have successfully logged in, the social network informs you which data (name and e-mail address) is transmitted to us for authentication within the scope of the registration or login process. Should you have agreed to this data transmission, the fields required by us for registration are filled in with the data transmitted. The data required by us to register or log in are (i) your name and (ii) your e-mail address.
Only once you have explicitly agreed to the use of the data transmitted and required will your data be stored by us and used for the purposes cited under No. 2. No link between the NIVEA customer account set up with us and your account at the corresponding social network takes place via the authentication process.
9. Contact, request for information, revocation, blocking, deletion
You can at any time and free of charge for the future object to the use of your personal data, arrange for partial or complete deletion or blocking, or request information on or correction of the data stored by us about your person. It is not necessary to adhere to a particular form. You can, for example, write to us by e-mail at email@example.com or use our contact form on the website.
10. Data security
We have adopted technical and organisational measures to protect your data from being lost, changed or accessed by a third party. The security procedures we use are regularly enhanced to reflect technological progress.
11. Updating and amendment
We may amend or update parts of the data privacy statement without informing you of this in advance. Please always check the data privacy statement before you use our website in order to be informed of the latest status in the event of any amendments or updates. Status of the data privacy statement: October 2015.