BASF is delighted that you have chosen to use the Platform for your needs.
BASF takes data protection seriously. This Privacy Statement describes:
- the personal data BASF collects when you register to use the Platform
- the purposes for which BASF uses such data
- the legal basis for the processing of personal data
- the recipients of such personal data
- the period for which such personal data will be stored
- whether you are obliged to provide personal data
Furthermore, we would like to inform you about:
- the existence of your rights regarding the processing of your personal data
- the Controller in the meaning of data protection laws and, where applicable, our Data Protection Officer
1. What personal data does BASF collect when you visit our Platform?
(1) When you register to use our Platform, your browser transmits the following information automatically to our server:
- Information about your browser and operating system
- IP Address
(2) When you register to use our Platform, you must provide us with the following information:
- Your name
- Your employer
- Your email address
- The country of your residence
(3) When you use certain services within the Platform, you must provide us with the following information:
- Business address mailing information, such as country, state/province, postal code, street and building number
- Country to which certain requested documents are to be submitted to applicable governmental or regulatory authorities
- Information with regards to how you interact with the Platform such as documents you have downloaded or samples you have requested.
2. To what extent and for what purposes does BASF process such data?
(1) When you visit our Platform, we use the data that your browser transmits automatically to our server (see Section 1 (1)) in order to:
- a)send the requested content to your browser.
- b)protect us from attacks and to safeguard the proper operation of our Platform. In doing so, we store said data transiently and with restricted access for a maximum period of 180 days. Such period may be extended if and to the extent necessary to prosecute attacks and incidents.
(2) We use the data provided (see Sections 1 (2) and 1 (3)) in order to set-up and validate your account to access and use the Platform and use the Services made available on the Platform.
(3) If you have consented, we will process your personal data (see Section 1 (2), (3)) in order to provide you with information related to BASF products and services.
(4) If you have requested samples or documents, we will process your personal data (see Section 1 (2), (3)) in order to provide you with the requested samples or documents.
(5) We may process your personal data (see section 1 (2), (3)) to fulfil legal obligations or to exercise and defend legal claims.
3. Are you required to provide the data? Are you entitled to object to processing?
In order to use the Platform, you must have an account. An account can only be created if we have the data identified above.
4. What is the legal basis for the processing?
The legal basis for the processing under Section 2 is point (b) ( c) and (f) of Article 6 (1) General Data Protection Regulation (GDPR). The legal basis is determined by the purposes described under Section 2 and 3. The legitimate interest in the processing of the personal data listed under section 1 (1) arises from the interest to secure our platform and safeguard proper functionalities. If you have granted your consent on this platform the legal basis for processing personal data is Article 6 sec. 1 lit a GDPR.
5. To what recipients do we transmit your data?
We transmit the data mentioned in Section 1 to Data Processors based in the European Union for the purposes determined in Section 2 and 3. Such Data Processors process personal data only on instructions from us and the processing is carried out on behalf of us. We may also transfer personal data to Processors located in a third country for the purpose of data security. Such transfer will be based on appropriate safeguards (Art. 46 sec. 2 lit (c) GDPR).
6. How do we protect your personal data?
BASF implemented technical and organizational measures to ensure an appropriate level of security to protect your personal data against accidental or unlawful alteration, destruction, loss or unauthorized disclosure. Such measures will be continuously enhanced in line with technological developments.
(1) The following cookies are important for the smooth operation and specific services of our Platform:
|BrowserId||Used to collect metrics, such as the number of visitors to a community.||Long|
|autocomplete||Used to determine whether the browser remembers a user's login ID.||Long|
|clientSrc||Used to authenticate a user.||Session|
|inst||Used to redirect a user to the correct Salesforce server.||Session|
|oid||Used to redirect a user to the correct Salesforce org and assist the user for the next login.||Long|
|oinfo||Used to track the state of a customer's org.||Long|
|sid||Used to authenticate a user.||Session|
|sid_Client||Used to authenticate a user.||Session|
|_ga||A third-party cookie that's used if the community admin chooses to track community users with a Google Analytics tracking ID.||Long|
|force-stream||Used to redirect server requests for sticky sessions.||Long|
|renderCtx||Used to track community context.||Session|
|webact||Used to collect metrics per page view for personalization.||Long|
|directMessageInboxVisitTimestamp||Used by Direct Message to determine the last visit to the inbox.||Long|
|<userId>feeds||Used to store a user's feed settings selection.||Long|
|RRetURL||Used to redirect user logins.||Session|
|RSID||Used to redirect user logins.||Session|
|pctrk||Used to track public page views by guest users.||Session|
|ZoomLab Specific Cookies||Purpose||End of Life|
|ASP.NET_SessionId (.NET)OSSESSIONID (Java)||This cookie is set by the underlying technology (Microsoft ASP.NET) used to run the web application, or by OutSystems (Java).||Session|
|osVisitor||The first time the end-user accesses the web server (accessing a web page from the server), a unique value is stored in this cookie. No association with actual user identity(ies) is done by the OutSystems platform.||never|
|osVisit||Each time the end-user accesses a web page and this cookie does not exist yet, the cookie is created and set with a unique value, representing that the visitor accessed the site. This cookie is set to expire after 30 minutes, so that if the visitor leaves the web application and then returns 30 minutes later, a new visit session is started.||30 min|
|pageLoadedFromBrowserCache||Some applications may use this cookie to improve the user experience of the web application. It ensures that, in pages where a feedback message is displayed, if the users clicks the back button they will not be shown the same feedback messages again.||Session|
|Users.sid||Used in conjunction with the Session Id cookie in order to prevent session fixation vulnerabilities.||Session|
|JSESSIONID||This cookie is essential for the Java programming language to maintain a session with users.||Will be erased as soon as you close your browser|
|TS<pool name>||This cookie enables us to distribute the load of requests of our users properly to our servers. It facilitates the stability of our website.||Will be erased as soon as you close your browser|
|UrnNovellNidpClusterMemberId||This cookie is used to transfer session data between several cluster-nodes.||Will be erased as soon as you close your browser|
|DEVICES_TYPE||Used to store the type of device being used so that the framework can adjust properly||360 days|
|DEVICE_OS||Used to store the type of operating system being used so that the framework can adjust properly||360 days|
|DEVICE_ORIENTATION||Used to store the screen orientation being used so that the framework can adjust properly||360 days|
|DEVICE_BROWSER||Used to store the type of browser being used so that the framework can adjust properly||360 days|
You may use your browser settings to decide which cookies to accept and to decline. Please be aware that you may not be able to use all features of our Platform if you decline cookies under Section 7 (1).
8. What rights do you have?
You have certain rights under the General Data Protection Regulation including the right to request a copy of the personal information we hold about you, if you request it from us in writing:
8.2. Right to correct : if your personal is inaccurate or incomplete you have the right to have your personal information rectified;
8.3. Right to erasure : this is also known as 'the right to be forgotten' and, in simple terms, enables you to request the deletion or removal of your information where there's no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. For example, we have the right to continue using your personal data if such use is necessary for compliance with our legal obligations or for the establishment, exercise or defense of legal claims.
8.4. Right to restrict our use of your information : the right to suspend the usage of your personal information or limit the way in which we can use it. Please note that this right is limited in certain situations: when we are processing your personal information that we collected from you with your consent you can only request restriction on the basis of: (a) inaccuracy of data; (b) where our processing is unlawful and you don't want your personal information erased; (c) you need it for a legal claim; or (d) if we no longer need to use the data for the purposes for which we hold it. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for restriction of the use of their personal information to make sure the restriction is respected in future;
8.5. Right to data portability : the right to request that we move, copy or transfer (where technically feasible) your personal information in a structured, commonly used and machine-readable format, for your own purposes across different services;
8.6. Right to object : the right to object to our use of your personal information including where we use it for our legitimate interests, direct marketing;
8.7. Right to be informed : you have the right to be provided with clear, transparent and easily understandable information about how we use your personal information; and
8.8. Right to withdraw consent : if you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful).
The exercise of these rights is free of charge for you, however you are required to prove your identity with 2 pieces of approved identification. We will use reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you on our files.
When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints that we cannot resolve directly.
If you are not satisfied with the way any complaint you make in relation to your personal information is handled by us, then you may refer your complaint to the relevant data protection supervisory authority.
9. Where can you lodge a complaint?
You have the right to lodge a complaint with our Data Protection Officer (for contact details see below) or with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. Or you can contact:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
10. Who is Controller and Data Protection Officer?
The Controller in the meaning of data protection laws:
Our Data Protection Officer is:
EU Data Protection Officer of BASF
+49 (0) 621 60-0
11. Privacy of Children
This Platform is intended to be used by persons aged 18 and older. We do not seek to collect information about persons under the age of 18.
No information should be submitted to or posted on the Platform by persons younger than 18 years of age. If such a person submits personal information via the Platform, we shall delete that information as soon as we are made aware of their age and thereafter shall not use it for any purpose whatsoever.