You may use our website or app without directly providing any personal data about you. In this case, Essity will automatically collect only the following metadata that result from your usage:
Referral page, data and time of access, data volume transmitted, status of transmission, type of web browser, IP address, operating system and interface, language and version of browser software.
Your IP address will be used to enable your access to our website or app. Once the IP address is no longer necessary for this purpose, we will shorten your IP address by removing the last octet of your IP address. The metadata, including the shortened IP address will be used to improve the quality and services of our website or app by analyzing the usage behavior of our users.
Account or Registration
If you create an account or register for a product, sample or service on/in our website or app, you may be asked to provide personal data about you, for example: Name, postal address, email address, selected password, company or organization name, job title, telephone number, bank account details, credit card details, invoicing and delivery address, interests in certain products/services (voluntary), request to receive marketing emails (voluntary). Essity processes such personal data for purposes of providing our services to you, to provide you with marketing materials to the extent permitted by applicable law, and to analyze your interests for marketing purposes.
Content of Communications
We collect your email address and other personal data you provide when you contact us or communicate with us.
Sweepstakes and other Promotions
If you participate in a sweepstakes or similar promotion, Essity may collect and process the following personal data about you: Name, postal address, email address, date of entry, selection as winner, prize, answer to quiz or other promotion details. Essity processes such personal data for purposes of carrying out the promotion, informing the winner(s), delivering the prize(s) to the winner(s), and marketing.
If you order some products, Essity may collect and process also information about your health conditions as implied by product order or directly shared with us. Essity takes steps to protect such sensitive data as legally required. Essity collects and processes your health data solely for the purposes of carrying out the contractual relationship and the product order, providing customer care services, compliance with legal obligations, defending, establishing and exercising legal claims, and, with your consent, tailored marketing.
Essity affiliates and subsidiaries
Transfer to service providers
Essity may engage external service providers, who act as a data processor of Essity, to provide certain services to Essity, such as website service providers, marketing service providers or IT support service providers. When providing such services, the external service providers may have access to and/or may process your personal data.
We request those external service providers to implement and apply security safeguards to ensure the privacy and security of your personal data.
Essity may transfer - in compliance with applicable data protection law - personal data to law enforcement agencies, governmental authorities, legal counsel, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition. We may also transfer your personal data with your consent.
International transfers of Personal Data
Personal data that we collect or receive about you may be transferred to and processed by recipients which are located inside or outside the European Economic Area ("EEA"). Some of those countries may not be deemed to provide an adequate level of data protection from a European data protection law perspective. Essity will take necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved code of conducts together with binding and enforceable commitments of the recipient, or certification under the EU-U.S. Privacy Shield or other approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such safeguards by contacting us as set out in Sec. 8 (Contact us) below.
We may carry out the processing of your personal data on the following legal basis, as required by the GDPR:
We may carry out the processing of your sensitive personal data on the following legal basis:
The website may contain links to other websites not owned by us and other websites not owned by us may reference or link to our website. We encourage our users to read the privacy policies of each website they interact with. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of other websites that we do not own. Visiting these other websites is at your own risk.
The website may also contain links and interactive features with various social media platforms. If you already use these platforms, their cookies may be set on your device when using our website. You should be aware that Personal Information which you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the Personal Information provided by you may be viewed and used by third parties for any number of purposes.
If you have declared your consent regarding certain collecting, processing and use of your personal data, you can revoke this consent at any time with future effect. Further, you can object to the use of your personal data for the purposes of marketing without incurring any costs other than the transmission costs in accordance with the basic tariffs.
Pursuant to the applicable data protection law you have the right (i) to request access to your personal data, (ii) to request rectification of your personal data, (iii) to request erasure of your personal data, (iv) to request restriction of processing of your personal data, (v) to request data portability, (vi) to object to the processing of your personal Data (including objection to profiling), and (vii) to object to automated decision making (including profiling).
To exercise your rights please contact us as stated under Sec. 8 (Contact us) below.
In case of complaints you also have the right to lodge a complaint with the competent data protection supervisory authority.
California Privacy Rights
If you are a California resident, the California Consumer Privacy Act of 2018 (“CCPA”) provides you with certain rights with respect to your personal information.
We will provide this information upon receipt of a verifiable consumer request. How we will verify your identity depends on how you have interacted with us in the past. To exercise this right, you can contact us by phone at 800-537-1063 or by email at email@example.com.
Under California Civil Code Section 1798.83, California residents have a right to request, once per year and free of charge, information about the categories of personal information (if any) we have disclosed to third parties for their direct marketing purposes during the previous calendar year. If you are a California resident and would like to make such a request, please send an email to firstname.lastname@example.org with the subject line “California Shine the Light Request.”
Nevada Privacy Rights
Nevada residents have a right to submit a verified request directing a website operator to not make any “sale” of covered information collected about a consumer for monetary consideration to a person for such person to license or sell the information to additional persons, subject to certain exceptions. We do not engage in the “sale” of covered information, as that term is defined.
Your personal data will be retained as long as necessary to provide you with the services and products requested. Once our relationship has come to an end, we will either delete your personal data or anonymize your personal data, unless statutory retention requirements apply (such as for taxation purposes). We may retain your contact details and interests in our products or services for a long period of time if Essity is allowed to send you marketing materials. Also, we may be required by applicable law to retain certain of your personal data for a period (for example, 10 years after the relevant taxation year). We may also retain your personal data after the termination of the contractual relationship if your personal data are necessary to comply with other applicable laws or if we need your personal data to establish, exercise or defend a legal claim, on a need to know basis only. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.
BSN Medical Inc., as Essity Company
5825 Carnegie Blvd.
Charlotte, NC 28209-4633
Tel: 1-800-537-1063 or 1-704-554-9933
The contact details of our data protection officer are as follows:
Compliance Officer Data Protection
Group Function Sustainability
D-20253 Hamburg, Germany
Tel: +49 40 4909-6546