The following state specific rights and requirements are in addition to
all other rights and requirements set forth in this Privacy Policy.
A. California Privacy Rights
The California Consumer Privacy Act of 2018 and California Privacy
Rights Act of 2020 (CPRA) (together, "CCPA")
requires covered businesses to provide California residents with some
additional information regarding how they collect, use, and share your
"personal information" (as defined in the CCPA). As such, we have provided additional details
below about the information we collect, how we disclose it, and how you can
exercise your privacy rights under the CCPA, in the event it applies to our
activities in the future.
(i) Categories of Personal Information that is
Collected, Disclosed and Shared. The CCPA provides
California residents with the right to know what categories of personal
information (including sensitive personal information) covered businesses have
collected about them and whether such businesses have disclosed that personal
information for a business purpose (e.g., to a service provider) in the
preceding twelve (12) months. California residents can find this information in
the section below.
We may use any of the
categories of information listed above for other business or operational
purposes compatible with the context in which the personal information was
collected. The categories of sources from which we collect personal information
and our business and commercial purposes for using personal information are set
forth in "Personal Information We Collect" and "How We Use Your
Information" above, respectively.
We may share any of the
information listed above with service providers, which are companies that we
engage for business purposes to conduct activities on our behalf. Service
providers are restricted from using personal information for any purpose that
is not related to our engagement.
(ii) "Sales or Sharing" of Personal
Information under the CCPA.
California residents have
the right to opt out of the "sale or sharing" of their personal
information. Under the CCPA, "sale" is defined broadly and includes
the transfer of personal information by a business to a third party for
valuable consideration (even if there is no exchange of money) and “sharing” is
defined to include the sharing or making available personal information to a
third party for cross-context behavioral advertising.
Company may "sell or share" personal information. The
categories of personal information we have "sold or shared" and the
categories of third parties we have "sold or shared" personal
information to in the preceding twelve months are listed below.
Category |
Examples |
Collected |
A. Identifiers.
|
A real name,
postal address, email address, account name, or other similar identifiers.
|
Yes |
B. Personal information categories listed in the California
Customer Records statute (Cal. Civ. Code § 1798.80(e)).
|
A name, address, medical
information. Some personal information included in this category may overlap
with other categories
|
Yes |
C. Protected classification characteristics under California
or federal law.
|
Age, medical
condition, sex (including gender)
|
Yes |
D. Commercial information.
|
- |
No |
E. Biometric information. |
Pictures of faces and selected areas of skin,
height, weight, female cycle tracking, nutrition tracking, sleep tracking, mood
tracking |
Yes |
F. Internet or other similar network activity. |
- |
No |
G. Geolocation data.
|
Physical location
|
Yes |
H. Sensory data.
|
Pictures of faces and selected areas of skin
|
Yes |
I. Professional or employment-related information.
|
- |
No |
J. Non-public education information (per the Family
Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part
99)).
|
- |
No |
K. Inferences drawn from other personal information.
|
Profile reflecting a person's preferences, characteristics,
psychological trends, predispositions, behavior, attitudes, intelligence,
abilities, and aptitudes.
|
Yes |
Company’s business and commercial purposes for "selling or
sharing" personal information can be found in "How We Use Your Information?" above. Company does not have actual knowledge of any "sale
or sharing" of personal information of minors under 16 years of age.
(iii) Additional Privacy Rights for California
Residents.
1. Opt-out of
"Sales or “Sharing”. California residents may opt-out of the
"sale or sharing" of their personal information by contacting us as
set forth in "Contact Information" below. California
residents (or their authorized agent) may also exercise:
Email: hautstudie@beiersdorf.com
Mail: Beiersdorf AG, Beiersdorfstraße
1-9, 22529 Hamburg, Germany
2. California Shine the Light. The California "Shine the
Light" law permits users who are California residents to request and
obtain from us once a year, free of charge, a list of the third parties to whom
we have disclosed their personal information (if any) for their direct
marketing purposes in the prior calendar year, as well as the type of personal
information disclosed to those parties. If you are a California resident and
would like to exercise any of your rights under the law, please contact us as
set forth in "Contact
Information" below. We will process
such requests in accordance with applicable laws.
B. Nevada Privacy Rights.
If you are a resident of Nevada, you have the right to opt-out of the
sale of certain Personal Information to third parties who intend to sell or
license that Personal Information, even if your Personal Information is not
currently being sold. If you would like to exercise this right, please contact
us via the information found in the “Contact Information” section above.
C. Virginia, Colorado, Connecticut,
and Utah Privacy Rights.
Residents of Virginia,
Colorado, Connecticut, and Utah may have additional rights under relevant
privacy laws, including under the Virginia Consumer Data Protection Act (“VCDPA”), Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CTDPA”) (effective July 1, 2023) and Utah Consumer
Privacy Act (“UCPA”) (effective Jan. 1, 2024), as applicable. The
following additional information is required to be provided by covered
businesses under applicable state laws.
(i) Sharing of Personal Data under VCDPA, CPA, CTPDA and UCPA. The VCDPA, CPA, CTPDA and UCPA require covered businesses to provide
residents of their respective states with the right to know the categories of “personal
data” (as defined under applicable law) covered businesses shared with third
parties and the categories of third parties with whom such personal data has
been shared. Residents of Virginia, Colorado, Connecticut and Utah can find
this information below:
Category |
Examples |
Collected |
A. Identifiers.
|
A real name,
postal address, email address, account name, or other similar identifiers.
|
Yes |
B. Personal information categories listed in the California
Customer Records statute (Cal. Civ. Code § 1798.80(e)).
|
A name, address, medical
information. Some personal information included in this category may overlap
with other categories
|
Yes |
C. Protected classification characteristics under California
or federal law.
|
Age, medical
condition, sex (including gender)
|
Yes |
D. Commercial information.
|
- |
No |
E. Biometric information. |
Pictures of faces and selected areas of skin,
height, weight, female cycle tracking, nutrition tracking, sleep tracking, mood
tracking |
Yes |
F. Internet or other similar network activity. |
- |
No |
G. Geolocation data.
|
Physical location
|
Yes |
H. Sensory data.
|
Pictures of faces and selected areas of skin
|
Yes |
I. Professional or employment-related information.
|
- |
No |
J. Non-public education information (per the Family
Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part
99)).
|
- |
No |
K. Inferences drawn from other personal information.
|
Profile reflecting a person's preferences, characteristics,
psychological trends, predispositions, behavior, attitudes, intelligence,
abilities, and aptitudes.
|
Yes |
(ii) “Sales” or Sharing for
Targeted Advertising under VCDPA, CPA, CTPDA and UCPA. Residents of Virginia, Colorado, Connecticut,
and Utah have the right to opt-out of the “sale” of their personal data to
third parties or the processing of their personal data for targeted advertising
(see Section 4(B)(iv) above). For purposes of this paragraph the definition of
“sale”, “sell” or “sold” has the meaning set forth in applicable privacy law.
If a consumer wishes to exercise their right to opt-out of the sale of personal
data or processing of personal data for targeted advertising, they may do so by
following this link. The categories of personal data “sold” or processed for
targeted advertising can be found below:
Category of Personal Data Sold to
Third Parties or Processed for Targeted Advertising
|
Category of Third
Parties Personal Data is Sold to or processed by for Targeted Advertising
|
None |
None |