When communicating and/or collaboration with us, e.g. by email or via contact form on our website, data exchange platform, be it e.g. as a consumer, test person, business partner or customer, the data you provide (your email address, if applicable your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to e.g. answer your questions, requests or for the purpose of business related correspondence.
With regard to the cooperation with our suppliers, we have implemented an internal evaluation process which, in our legitimate interest, is intended to improve the business relationship by developing an “action plan”. As a rule, we only process information about the company, but conclusions can be drawn about you as the contact person, if the communication with suppliers is examined with regard to response times, reliability and transparency.
We may ask you when you contact us by telephone as a consumer whether the telephone call may be recorded for quality assurance and training measures. If you agree to the recording, we will process all information that you share with us during the call (communication content, possibly also sensitive (health) data, as well as your phone number and other personal data).
When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request.
The provision of your personal data is required for the performance of the contract or a situation similar to a contract. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service.
If you purchase products in the eShop of Beiersdorf NV, De Passage 126-136, 1101 AX Amsterdam, Netherlands, Beiersdorf NV is responsible for the data processing described in this clause. This applies also to any questions about your order that you might ask through the contact form provided in the eShop.
For all other cases of contacting/communication/collaboration is the controller named under clause 1.2. above.
Recipients and sources:
order to combat terrorism, we are obliged by law to carry out a comparison with
sanctions lists. Therefore, we also process your data to meet legal
requirements for comparison with these lists. Furthermore, we process your data
in the Beiersdorf Group for the prevention and investigation of criminal
offences and other misconduct, the assessment and control of risks, for
internal communication and for corresponding administrative purposes. If an affiliated company reports a need to work with you as a supplier, we will share our experiences from working with you with the affiliated company.
If you are a
business partner, we will compare your data against published lists of
misleading suppliers (e.g. warning lists of World Intellectual Property Organization
and Bundesanzeiger Verlag GmbH) to make an informed decision about potential
payments. We also regularly check your creditworthiness in certain cases
(e.g. when concluding contracts). Our legitimate interest is the minimization
of the financial risk. For this purpose, we cooperate with credit agencies from
which we receive the necessary data. For this purpose we transmit your name and
your contact data to the credit agencies.
If you are a business customer or partner, it may be necessary to transfer your personal data to prospective buyers as part of a company transaction. In the course of due diligence, usually anonymised data is processed. However, it may be necessary in specific individual cases to process personal data. Our legitimate interest lies in the execution of the company transaction.
Additionally we transfer the data to the following recipients:
- Customer/Consumer service providers
- Platform/hosting provider
Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR were concluded. For third countries/companies which fall under an adequacy decision, the adequacy decision also applies. Additionally binding corporate rules were approved at a platform/hosting provider. For
more information (such as a copy of the guarantees), you can contact us as
mentioned under 1.2.
Further recipients can be found in the general recipients section 1.4.
We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed.
In case of consumer inquiries through our internal consumer management tool the personal data will be usually deleted after one year, if no other legal retention periods apply. As an exception, the data will be kept longer if the data is necessary for the establishment, exercise or defence of legal claims.
Call recordings are stored for a
maximum of 90 days.
can object to these processes according to the requirements under 4.
Art. 6 (1) a GDPR in conjunction with Art. 9 (2) a GDPR (consent:
Art. 6 (1) b GDPR (when processing in the context of a contract or a
situation similar to a contract)
Art. 6 (1) c GDPR (when processing is necessary for compliance with a
Art. 6 (1) f GDPR (when processing
according to the legitimate interest described above)