1. Institution responsible
The data user responsible for collecting, processing and using personal data within the meaning of the Personal Data Protection Act 2010 (PDPA) is:
Beiersdorf (Malaysia) Sdn Bhd
T1-12, Level 12 of Jaya 33
No. 3, Jalan Professor Khoo Kay Kim
Section 13, 46100
Contact Person: Personal Data Compliance Officer / Consumer Affairs Officer
“Beiersdorf”, “we” or “us” refer to Beiersdorf Malaysia Sdn Bhd and all its related companies, as defined in section 7 of the Companies Act 2016 and jointly controlled companies, providing financial and other regulated services, excluding companies, branches, offices and other forms of presence operating outside of Malaysia unless and to the extent otherwise stated.
The purpose of this data privacy notice is to provide you with information concerning the collection, processing and use (hereinafter referred to as “use”) of personal data.
By providing us with your personal data, you acknowledge that you have read this privacy notice and that you agree to and give consent for us to process your personal data in accordance with the terms of this privacy notice, and any other terms appearing on the form or medium used to collect your personal data.
If you provide to us any personal data of any third party, you warrant and confirm that you have provided this privacy notice to the third party and obtained the consent of the third party for Beiersdorf to process that third party’s personal data in accordance with the terms of this privacy notice.
2. Collection and use of personal data
Personal data is information that identifies you, such as your name, e-mail or postal addresses. Beiersdorf does not collect personal data from you except when you specifically provide such data to us or our service providers (e.g when using our products, services or facilities, subscribing to e-mail newsletters or any other sales and marketing materials, taking part in a survey, promotional or marketing competition or, ordering samples or brochures, or requesting for information, collectively “Activities”) and consent to its use.
We store, use, or transfer your personal data only in accordance with your consent or in compliance with law, and to the extent – with respect to content and time – needed in each specific case. The purposes for which we may use your data are as follows:
(a) To respond to your questions or concerns.
(b) To administer and manage all matters relating to any promotional activities, contests and any other customer engagement and rewards activities e.g., to assess your application forms and to inform you about the results of a competition.
(c) For you to use, access or participate in any of our products, services or facilities including the matters to in paragraph (a).
(d) To process your transactions in relation to any products and services provided by us to you. Please note that the personal data that we require to process your transactions may differ as each product and service offered has different requirements.
(e) To verify your identity and to manage any of your correspondence, communication and account(s) with us.
(f) To enhance and improve your experience with us generally. When you indicate your preferences by filling in our manual or digital forms, through your use of our website(s) or when you contact or deal with us directly, we will use this personal data to personalize our products and services to better meet your needs.
(g) To provide you with information or notifications about products and services that we or third party agents, contractors, employees, associate companies, business partners or professional consultants have selected and believe would be of interest to you.
(h) To prepare any statistics or analysis or internal reports for market research purposes.
(i) To keep your personal data secure and minimize the risk of unauthorized access to your data by using some of your personal data to verify your identification when you use our website(s) and customer service helpdesk.
(j) For security purposes when you visit our premises.
We may collect the following information from you when you partake in any of the Activities:
(i) Full Name;
(v) NRIC number;
(vi) Purchasing preference and records (e.g. receipt number, retailers where purchases made, date of purchase and amount of purchase);
(vii) bank account number or other information relating to selected payment methods;
(viii) telephone/mobile number;
(ix) email address;
(x) image (e.g., in photos, posters or social media posts); and
(xi) IP address.
To partake in any of the Activities, you will need to provide the information as stated above. Failure in providing such information may result in you not being able to partake in the Activities.
It may be necessary for Beiersdorf to transfer or disclose personal data to other companies within the Beiersdorf group, or third parties such as external service providers, agents or professional advisors for further data processing. These third parties may be in or outside of Malaysia and may, for example, be commissioned in the context of shipping goods, distributing advertising material, in the scope of competitions or carrying out any of our business and operational functions. Beiersdorf requires that these parties agree to process personal data based on our instructions and in compliance with this data protection notice.
Occasionally, you may be accessing products and services for third party websites web app, or mobile apps. These third party sites have separate and independent privacy notices. We therefore have no responsibility or liability for the content and activities of these linked sites. Please kindly read the terms and conditions and privacy notices of these third party linked sites, before proceeding to provide your personal data. You may also be accessing products and services provided or administered by our parent company, Beiersdorf AG in Germany. For these products and services, please note that your personal data will be processed in accordance with the terms of Beiersdorf AG’s privacy notice, which is accessible at https://www.beiersdorf.com/meta-pages/privacy-policy.
Any other transfer of your personal data, for example the transfer of logon data from our websites to a third party’s social community website or web service including (without limiting) Facebook. Twitter, Instagram, YouTube and Tik-Tok, requires your prior consent. Beiersdorf guarantees that it will not sell or lease your personal data to a third party. We may, however, have to disclose information about you if we are required to do so by law or in response to requests from governmental or law enforcement authorities.
3. Period of time for which your data is stored
The data provided by you will only be stored by us as long as is necessary for fulfilling the respective purpose for which you have transmitted your data to us, or for complying with statutory provisions.
If you have given us your consent to use your personal data for any purpose, we will use your data for such purposes until such time as you revoke your consent. You may revoke the consent granted by you at any time with effect for the future.
4. Limited passing on of data
When processing your request to access any of our products or services, it may be necessary for Beiersdorf to pass on your personal data to other affiliated companies within the Beiersdorf Group or an external service provider, also in respective European countries outside the EU, that act on our behalf. Such service providers may, for example, be commissioned with sending you product samples, distributing promotional materials or handling competitions or your order placed at our webshop, e.g. the shipping of the goods. Beiersdorf requires all affiliated companies within the Beiersdorf Group and its external service providers to keep your personal data exclusively in line with our specifications, and in compliance with this data privacy statement, as well as the statutory requirements on order data processing.
Otherwise, we will not pass on personal data to third parties without your permission nor do we sell or lease data. We do, however, reserve the right to disclose information about you if we are legally obliged to do so or if we are requested to hand it over by legitimately acting authorities or criminal prosecution institutions.
Cookies are used on our websites. Cookies are small units of data stored on the hard drive of your computer by your browser.
(i) Cookies for use-based online advertising
We reserve the right to also use information that we have obtained by means of cookies from an analysis of the usage behaviour of visitors to our websites to show you specific advertising for certain of our products on our own websites. We believe that you as the user will benefit from this, because we show you advertising or content which, based on your user behaviour, we have reason to assume matches your interests, and you are therefore shown less randomly scattered advertising or certain content that could interest you less.
(ii) Here is how you can prevent cookies from being stored on your hard drive and/or delete them
You can set your web browser in such a way that cookies are prevented from being saved to your hard drive and/or you are asked each time whether you are in agreement with cookies being enabled. You can also at any time delete cookies that have been enabled again. You can find out how all this works in detail from your browser’s help function. Please note that generally deactivating cookies may lead to functional restrictions on our website.
(iii) Cookies used by us
(A) Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses a specific form of “cookie,”i.e. text file, which is stored on your computer and enables an analysis of your use of the website. The information about your use of this website generated by the cookie is generally transmitted to a Google server in the USA and stored there.
We would like to point out that Google Analytics has been expanded on this website to include the code “gat._anonymizeIp();” to ensure the anonymized recording of IP addresses (so-called IP masking). Due to the IP anonymization on this website, your IP address is shortened by Google within the territory of the EU and the Treaty States of the European Economic Community. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
Google uses this information on our behalf to analyze your use of this website in order to compile reports on website activities and provide additional services related to website use and Internet use. Google may also transfer this information to third parties as required by law or if said third parties process this data on behalf of Google. The IP address transmitted to Google Analytics by your browser is not consolidated with other data by Google.
(B) Google Ads (formerly Google AdWords)
This website uses Google AdWords, an analysis service of Google, and conversion tracking, which is part of Google AdWords. This is how it works: When you click on an advertisement displayed by Google, Google AdWords stores a cookie for conversion tracking (a “conversion cookie”) on the hard drive of your computer. Such cookies lose their validity after 30 days and do not make it possible for you to be personally identified. Should you visit certain pages on our website, we and Google can recognise that you have clicked on the advertisement and were re-directed to this page.
The information obtained by way of the conversion cookies serves the purpose of generating statistics for AdWords customers who utilise conversion tracking. Through these statistics we find out the total number of users who have clicked on the advertisement displayed by Google and accessed a page with a conversion tracking tag.
We also use Google Analytics to analyze data from AdWords and any cookies from “DoubleClick”for statistical purposes. If you do not want this to be done, you can deactivate it with the Ad Preferences Manager (https://www.google.com/settings/u/0/ads?hl=en).
For further information on the terms and conditions of use and data privacy with regard to Google AdWords, please visit: http://www.google.com/policies/technologies/ads/.
(C) Google DoubleClick
We use the Google DoubleClick function on our websites in order to evaluate the use of the website and make it possible for us, Google and other advertisers who co-operate with DoubleClick to be able to present to you with user-relevant advertising. For this purpose, a cookie is installed on the hard drive of your computer. With the aid of such cookies, your browser is allocated an anonymous identification number, and information on the advertising shown in your browser and its being accessed is collected. The information generated by the cookie on your use of websites is usually transferred to a Google server in the USA and saved there. Based on the information collected, interest-related categories are allocated to your browser. These categories are used to display interest-related advertisements.
Besides changing your browser settings, you can also permanently deactivate the DoubleClick cookie with the aid of a browser plug-in. With the plug-in, your deactivation settings for this browser are retained, even if you delete all cookies. You can obtain the browser plug-in for permanent deactivation here.
By using our website, you agree to the DoubleClick cookie being inserted and thus usage data from you being collected, saved and used in the manner described above for the purpose specified. You moreover agree that your data will be stored in cookies beyond the end of the browser session and can for example be accessed again when you next visit websites. You can revoke this consent at any time with effect for the future by deleting the DoubleClick cookie and permanently deactivating it.
6. Social plug-ins/integration through Shariff
Social plug-ins (“plug-ins”) of social networks are used on our websites, in particular the “Share” or “Share with friends” button of the provider “Facebook“, whose website facebook.com is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, is responsible for the German website, facebook.de. The plug-ins are usually marked with a Facebook logo. Besides Facebook, we use plug-ins from “Google+” (Provider: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA), “Twitter” (Provider: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103) and “Pinterest” (Provider: Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA).
For data privacy reasons, we have deliberately decided against utilising direct plug-ins of social networks on our websites. Instead, we use the “Shariff” solution. With the aid of Shariff, we can determine for ourselves when and whether data is transmitted to the operator of the respective social networks. For this reason there is essentially no data automatically transmitted to social networks such as Facebook, Google+, Twitter or Pinterest when you access our website. Only if you yourself actively click on the respective button does your web browser produce a connection to the respective social network's servers, i.e. by clicking on the respective button (e.g. “Pass on”, “Share” or “Share with friends”) you agree that your web browser will produce a link to the respective social network's servers and transmit usage data to the respective operator of the social network.
We have no influence upon the nature and extent of the data that is then gathered by the social networks. For more information regarding the purpose and scope of the collection and further processing and use of data by the respective social networks as well as your rights and settings options for protecting your private sphere in this respect, please refer to the data protection declarations of these providers as notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.
(a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php more information on the data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en. Google has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(d) Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA); http://about.pinterest.com/privacy/.
This website uses the Evergage (Salesforce Interaction Studio) tool for personalization. It allows us to display personalized content based on website actions (e.g. click, viewing time, entering a search term) and to better understand the needs of our website visitors. For example, we are then able to show you products that you might like or, as a myNIVEA loyalty program user, send you a message by e-mail if you have forgotten products in your shopping cart.
Used Cookies: Type C. For further information, see Cookie Section 5.
We transfer also the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform-, hosting, support and analysis service providers) in accordance with the required purposes (for website analysis). Main service provider is salesforce.com Germany GmbH, Germany. Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en
You can disable Evergage via the cookie settings here.
If the data is merged with your profile, the data will be deleted accordingly when you delete your myNIVEA profile.Lifetime of cookies: up to 180 days (this only applies to cookies set via this website).
Storage period: 2 years (this only applies to the data collected from the cookies).
8. Contact, request for information, revocation, blocking, deletion
You can at any time and free of charge for the future object to the use of your personal data, arrange for partial or complete deletion or blocking, or request information on or correction of the data stored by us. You can write to us using the contact details in paragraph (1) above.
9. Data security
We have adopted technical and organisational measures to protect your data from being lost, changed or accessed by a third party. The security procedures we use are regularly enhanced to reflect technological progress.
10. Update and amendment
We may amend or update parts of the data privacy statement without informing you of this in advance. Please always check the data privacy statement before you use our website in order to be informed of the latest status in the event of any amendments or updates. Status of the data privacy statement: July 2020.