Privacy Policy

APPLICATION OF THIS PRIVACY POLICY
1. This Privacy Policy (“Policy”) forms part of the Terms of Use (“Terms”) relating to the use of the Beiersdorf “Beiersdorf Precision Marketing Academy Platform” (the “Platform”).
2. Beiersdorf Near East FZ-LLC (” Beiersdorf” “we” “us” or “our”) is committed to safeguarding the privacy of the personal information that is provided to us or collected by us during the course of our business as well as the personal information we receive from you (“User”, “you” or “your”) through the Platform. This Policy, describes how and why we collect, store and use personal information, and provides information about your rights. Pleaseread the following information carefully to understand our views and practices regarding how we handle personal information.
COLLECTION OF PERSONAL INFORMATION
1. By using the Platform, you consent to our collection, use and disclosure of your personal information in accordance with the terms of this Policy. You may withdraw such consent at any time, however this will not affect the lawfulness of the processing based on your consent prior to the withdrawal, or where we have other legitimate reasons for processing your personal data.
2. We may collect and process the following personal information:
  
  Information you give us:
  - If you are enquiring or, conducting any transactions, using the Platform, then we may request and process with your consent your personal information including your name, e-mail address, telephone number, address and date of birth;
  - You may give us information about you when by registering on our Platform or by corresponding with us by phone, e-mail or other electronic means, or in writing, as well as other information you provide directly to us, including in conversation with our employees and staff.
  
  Information we collect about you:
  With regard to each of your visits to our Platform, we may automatically collect the following information:
  - technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system; and
  - information about your visit; services you viewed or searched for; page response times, download errors, length of visits, page interaction information (such as scrolling, clicks, and mouse-overs).
  
  Information we receive from other sources:
  We may also receive information about you from other sources such as our local authorized business partners and service providers.
PURPOSES
1. We use your personal information for the following purposes where permitted by applicable law:
  - Where you give us consent, carrying out business development (including sending information about promotions and details of events;
  - Where it is in our, or a third party’s legitimate interests. These interests include:
  > auditing usage of the Platform;
  > processing and responding to inquiries, and providing our products; and
  > administering promotions and events where you take part;
  - Where required by law, such as by:
  > responding to requests from government or law enforcement authorities conducting an investigation; and
  > complying with any applicable legislation.
SHARING YOUR PERSONAL INFORMATION
1. We may also share your personal information with third parties including certain service providers we have retained in connection with our business activity.
2. Moreover, we may disclose your personal information to third parties:
  - if we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
  - if Beiersdorf, its business, or its assets are acquired by a third party, in which case personal information held by it about its Users, suppliers, or customers will be one of the transferred assets;
  - in order to enforce or apply our terms and conditions and other agreements; or
  - to protect the rights, property, or safety of Beiersdorf, our Users, our customers, or others.
3. We may also disclose your personal information to competent administrative, judicial, and/or law enforcement authorities or other government officials, if we are required to disclose or share your personal information in order to prevent crime (including any operation related to anti-money laundering or counter-terrorism financing), detect fraud, comply with any legal obligation or if we are required to do so by a legal process.
AUTOMATICALLY RECORDED INFORMATION (NON-PERSONAL DATA)
1. When you access the Platform, we automatically collect general information that is not related to your person, e.g. the name of the internet service provider (or with company networks, the name of your firm), information on the Platform you called up, date and time of the call up and the operating system and browser version in use.
2. This information is collected and analyzed in anonymized form. It is used solely for the purpose of improving the attractiveness, content and functionality of our Platform. It is not processed any further nor is it transmitted to third parties.
COOKIES AND INTERNET ADVERTISING
1. We may use ‘cookies’ to improve the Platform. Cookies are small files that are sent to a computer's hard drive by a web server. Cookies enable websites to remember who you are. Information from cookies may include information relating to your use of the Platform, information about your computer (such as IP address and browser type), and demographic data. Most internet browsers have a mechanism notifying you when you receive a new cookie and showing you how to reject new cookies or disable cookies altogether.
SECURITY
We use up to date information storage and security to hold your personal information securely in electronic and physical form to protect your personal information from unauthorized access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. Whilst we have put in place physical, electronic and managerial procedures to secure and safeguard your personal information, we will not be held responsible for any unauthorised access by third parties and we cannot guarantee that the personal information provided by you or that is transmitted via the Platform or by e-mail is totally secure and safe and you provide it at your own risk.
CROSS-BORDER TRANSFERS
Your personal information may be transferred to and stored in servers and facilities located in your region or another country. Some of these countries may not provide the same level of data protection as the UAE.

When we transfer your information to other countries, we will use, share and safeguard that information as described in this Policy. To operate the Platform or to manage your participation in promotions and events, we may transfer the personal information we collect from or about you to countries which may not provide the same level of data protection as the UAE.
MARKETING COMMUNICATIONS
1. We, or trusted third parties on our behalf, may contact you by email or post with information about our products or promotions that might be of interest to you. Where necessary, at the time that you provide your personal information to us, you will be given the opportunity to indicate whether or not you are happy for us to use your personal information in order to tell you about such products, services and promotions.
2. Withdrawal of consent to receive marketing communications will not affect the processing of personal information in connection with the operation of the Platform. You may, at any time, withdraw your consent to receive commercial marketing communications by clicking on the link provided in the relevant email, or by emailing us on reka.halasi@beiersdorf.com
REQUESTS
1. You may request us to provide a copy of the personal information we hold about you, and to have personal information removed or any inaccurate personal information about you corrected.
2. If you would like your personal information to be removed from our records or if your personal information requires amending then we will endeavor to correct, update or remove your personal information as swiftly as possible. You can make such request by emailing us on reka.halasi@beiersdorf.com or by post to: P.O Box 502350, Dubai, UAE.
RETENTION
1. We will retain your personal information for the length of time needed to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by applicable law.
2. Your personal information that is processed for marketing purposes will be stored until you exercise the right to withdraw consent, and once such right is exercised, your personal information will be kept only during the applicable statute of limitations period for any disputes or liabilities that may arise as a consequence of the processing of that information (which is up to 15 years in the UAE). Once potential actions are time barred we will proceed to delete the personal data. In any other circumstances, we will only retain your personal information for a shorter or longer period as required by any applicable law.
LINKS TO THIRD PARTY SITES
The Platform may contain links to other unaffiliated third party websites. Please note that Beiersdorf is not, and cannot, control or be responsible for the content or privacy and confidentiality practices of any third party websites. You must always carefully review the privacy and confidentiality policy of any third party website that you may visit in order to understand how the operators of that website may collect, store and use your personal information.
CHANGES TO THIS PRIVACY POLICY
We may from time to time make changes to this Policy. Please check back regularly to keep informed of updates to this Policy. These changes are effective immediately, after they are posted on the Platform.
CONTACT DETAILS
If you have any questions about this Policy, or our processing of your personal data, please contact us onreka.halasi@beiersdorf.com

Privacy policy

THE PROTECTION OF YOUR DATA IS IMPORTANT TO US!

For us is not only the care and protection of your skin important. We also attach great importance to the protection of your personal data. That's why we respect your privacy and want you to be able to trust us as much when it comes to data protection as when it comes to skin care. We always inform you transparently about what we need your data for and if and for how long we store it.

1. General Information

The purpose of this privacy policy is to provide you with information concerning the processing of personal data when using the website and related services.

Processing of Personal Data Personal data (in short data) within the meaning of Art. 4 of the EU General Data Protection Regulation (GDPR) are all information relating to an identified or identifiable natural person, e.g. name, address, email address, etc.

1.1. Controller

Responsible for the processing of personal data within the meaning of Art. 4 (7) GDPR is: Beiersdorf Shared Services Poland Sp. z o.o.; Gnieźnieńska 32; 61-021 Poznań; Poland; Phone: +48 61 874 62 00 (see our imprint).

Contact details of the data protection officer: Dataprotection.BSSPoland[at]beiersdorf.com or under the postal address of the controller for the attention of the “data protection officer”.

1.2. Rights of the Data Subject

As data subject affected by the data processing activity, you have the following rights with regard to your personal data in accordance with the legal provisions:

Right of access;
Right to rectification and to erasure;
Right to restriction of processing;
Right to data portability; and
Right to object.

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

When we work on your above-mentioned right, we may ask you for proof of your identity. For more information on how we process your data, see 2.1.

1.3. Recipients (general information)

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors in accordance with the purposes required. We also forward the data to the following recipients: Platform/hosting providers, IT support service providers.

We may also forward the data to the Authorities: In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies acc. to: Art. 6 (1) c GDPR (legal obligation).

2. Collection and Processing of Personal Data when visiting our Website

When visiting and using the website we already collect personal data. You can find within this section more information about website specific processes and tools especially from external partners. Further information about processes which can also occur in an offline context can be found in section 3.

2.1. Hosting
Purpose/Information:
When visiting and using our website for information purposes only, i.e. if you do not log in or otherwise provide us with information, we only collect the personal data that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.

Used Cookies/Tools: More information can be found in the “Cookies/Tools” section.

Recipients:
- Platform/hosting providers will have access to personal data

- Service Provider for IT-Support

Deletion:
The deletion of the log files takes place after 7 days.

Legal basis:
Art. 6 (1) f GDPR (legitimate interest)

2.2. Login functionalities
This website provides login functionalities as described below.

2.3. Cookies/Tools
This website uses cookies or other technologies/tools like local storage, IDs or external services (hereinafter referred to as “Cookies/Tools”) and are used on when visiting and using our website. Cookies are small text files that are stored by your browser on your device to save certain information or image files, such as pixels. The next time you visit our website on the same device, the information saved in the cookies will subsequently be accessed on your device and transmitted either to our website.

Through the information saved and returned, the respective website can recognise that you have already accessed and visited it with the browser you use on that device. We use this information to be able to design and display the website in an optimum way in line with your preferences. In that respect, only the cookie itself is identified on your device. Beyond this extent, your personal data will only be saved upon your express consent or if it is strictly necessary to be able to use the service offered to and accessed by you accordingly.

This website uses the following types of cookies/tools, the scope and functionality: Technical/Audience Measurement – to ensure that the demanded service can be provided including basic analysis. (No consent necessary acc. to ePrivacy Directive 2002/58 EC).

2.2. Learning management system

The Learning Management System facilitates required level of quality management by delivering specific trainings based on required internal policies. It allows efficient assignment of individual trainings and logging of the training history, as well as different reporting functionalities.

The following categories of personal data are processed within the LMS:

- general identification data (full name, user ID, admin ID),

- business contact data (e-mail),

- Company affiliation data (city and country, company, headquarter, job location, org function, region),

- communication data (user ID),

- administrator data (name, e-mail),

Training data relating to particular training activities (ID, title, description, training date), if containing personal data).

Legal basis for processing

The processing of the personal data is necessary for the performance of the contract (Art. 6 (1) lit. b GDPR. There is a contractual obligation for you to provide that personal data. Unless you provide that personal data, Beiersdorf is not able to perform the contract.

Deletion of data

Training data, in general, are deleted after a period of 3 years starting the day the respective training was completed, and subject to the circumstances of the individual case, they are required to be retained for a longer period of time.

Other categories of personal data are deleted immediately after the end of the contract.

2.3. Training reporting

Personal data are processed to report on the training achievements on a general and on individual level.

The following categories of personal data are processed for the purpose of LMS reporting:

• anonymized report data (summary of and statistics on trainings (aggregated data);

• plain report data: the personal data of the participants is displayed together with specific information for the learning unit type; in the test statistics e.g. the overall learning time, the score, the results and the number of tries are display. Additionally, administrators can also access the different tries of the learners to see their answers, when the test was first started and when it was finished.

3. Further services offered (on- and offline)

Contacting/Communication/Collaboration
Purpose/Information:
When communicating and/or collaboration with us, e.g. by email or via contact form on our website or a data exchange platform, the data you provide (your email address, if applicable your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to e.g. answer your questions, requests or for the purpose of business related correspondence.

We may ask you when you contact us by telephone whether the telephone call may be recorded for quality assurance and training measures. If you agree to the recording, we will process all information that you share with us during the call (communication content, as well as your phone number and other personal data).

When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request.

The provision of your personal data is required for the performance of the contract or a situation similar to a contract. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service.

Business partner only:
With regard to the cooperation with our suppliers, we have implemented an internal evaluation process which, in our legitimate interest, is intended to improve the business relationship by developing an "action plan". As a rule, we only process information about the company, but conclusions can be drawn about you as the contact person, if the communication with suppliers is examined with regard to response times, reliability and transparency.

Specific processing purposes are listed in the “Recipients and sources” section below based on the third parties used in the process.

Recipients and sources:
We transfer the data to the following recipients:

- Customer/Consumer service providers
- Platform/hosting provider

Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. For more information (such as a copy of the guarantees), you can contact us as mentioned under 1.2.

Further recipients can be found in the general recipients section 1.3.

Business partner only:
In order to combat terrorism, we are obliged by law to carry out a comparison with sanctions lists. Therefore, we also process your data to meet legal requirements for comparison with these lists. Furthermore, we process your data in the Beiersdorf Group for the prevention and investigation of criminal offences and other misconduct, the assessment and control of risks, for internal communication and for corresponding administrative purposes. If an affiliated company reports a need to work with you as a supplier, we will share our experiences from working with you with the affiliated company.

We will compare your data against published lists of misleading suppliers (e.g. warning lists of World Intellectual Property Organization and Bundesanzeiger Verlag GmbH) to make an informed decision about potential payments. We also regularly check your creditworthiness in certain cases (e.g. when concluding contracts). Our legitimate interest is the minimization of the financial risk. We cooperate with credit agencies (e.g. Dun & Bradstreet Deutschland GmbH (“D&B”), Germany) from which we receive the necessary data. For this purpose, we transmit your name and contact details or the D&B D-U-N-S® number assigned to your company to the credit agencies. In our legitimate interest in faster data entry, D&B provides us with addresses of our business partners. EcoVadis SAS, France provides us with a sustainability risk assessment to meet legal requirements and in our legitimate interest. Depending on the result, a longer sustainability assessment may result.

It may be necessary to transfer your personal data to prospective buyers as part of a company transaction. In the course of due diligence, usually anonymised data is processed. However, it may be necessary in specific individual cases to process personal data. Our legitimate interest lies in the execution of the company transaction.

Deletion/Objection:
We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed.

In case of consumer inquiries through our internal consumer management tool the personal data will be usually deleted after one year, if no other legal retention periods apply. As an exception, the data will be kept longer if the data is necessary for the establishment, exercise or defence of legal claims.

Call recordings are stored for a maximum of 90 days.

You can object to these processes according to the requirements under 4.

Legal basis:
Art. 6 (1) a GDPR (consent: telephone recording),

Art. 6 (1) b GDPR (when processing in the context of a contract or a situation similar to a contract),

Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation),

Art. 6 (1) f GDPR (when processing according to the legitimate interest described above).

4. Objection or Withdrawal of your consent to the Processing of Personal Data

If you have given your consent (Art. 6 (1) a GDPR) to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have given it to us.

If we base the processing of your personal data on the weighing of interests (Art. 6 (1) f GDPR), you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the description of the functions / services. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection under the above-mentioned contact details for the controller.