Data processing in the BASF group
On this website, we would like to explain to you how personal data is generally processed in the BASF Group.
Data protection is of high priority for BASF. This includes a high level of
transparency. Here you can find information on how BASF processes personal data of contact persons of customers and business partners.
Alexandra Haug
BASF Data Protection Officer
Please find an overview on the EU Data Protection Coordinators here.
Contact with the Controller
The BASF company with which you are in contact is responsible for data processing unless otherwise stated (hereinafter referred to as “BASF” or “Controller” or “we”). The Controller can be identified, for example, as follows:
Contact with the Data Protection Officer
As an internationally active group, BASF has contact persons for data protection for each country. For countries of the European Union you will find here an overview with the contact addresses.
In addition, you can address questions and concerns about data protection to our central Data Protection Office at any time: data-protection.eu@basf.com
Basic data processing structure in the BASF Group
Within the BASF Group, BASF SE, as a holding company, performs central functions that require the processing of personal data and may also be performed for other BASF Group companies. Such central functions can be, for instance:
In addition, certain BASF Group companies process personal data as intra-group service providers, whereby data processing may also be carried out on behalf of the respective BASF Group companies. These can be, for example:
BASF also uses central data processing systems that enable standardized data processing processes. Such systems can be, for example:
Categories of personal data, purposes and legal bases of data processing
BASF processes personal data exclusively for specific purposes. In the course of our business activities, various processing situations arise, which we shall generally inform you of within the framework of the respective activity, e.g. in the form of a data protection declaration on a website.
In general, BASF processes your personal data for the following purposes:
Contract
If you or the company for which you work have entered into a contract with BASF, we process personal data if and to the extent that it is necessary for the performance of the contract. The data processing includes master and contact data as well as contract-relevant data, which may also contain personal data of our customers, sales partners, service providers, suppliers, sellers and other business partners.
The legal basis for this data processing is Art. 6 Sec. 1 lit.b) GDPR and lit. f) GDPR, provided that the contract is concluded between BASF and another legal entity.
Communication with contact persons
If you contact us, we process your personal data provided in the respective contact form in order to process your request or to communicate with you. If necessary, we will forward your request internally to colleagues responsible for supporting your request.
The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR.
Collaboration with business partners
Outside of customer, service provider, and supplier relationships; we also work with companies and institutions on projects, joint ventures, and other collaborations to advance scientific progress and contribute to topics relevant to our business goals. In particular, we process contact data of our collaboration partners and data relating to the respective cooperation for the purposes of project implementation and networking.
The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR.
Public relations and representation of interests in the public and political sector
BASF closely follows current events and public discourses that affect our products and corporate goals. In this context, we regularly work with newspapers and journals in order to answer inquires from them and to coordinate articles. In addition, we use press mailing lists to inform selected representatives of the independent media about company-relevant developments. For these purposes, we process contact data of journalists and press representatives.
The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR.
In addition, BASF maintains and operates websites on which we provide information to interested parties, customers and other business partners. In this context, BASF processes personal data that is necessary for technical reasons for the presentation of the website (e.g., IP address and strictly necessary cookies). In addition, cookies are also occasionally used to measure the performance of the website. Further information on the specific use of such services and on the further processing of personal data can be found in the privacy policy of the respective website.
Events
If BASF conducts events, we process the contact details of the participating guests in order to carry out the event. Depending on the event, this may also include information relevant to catering, e.g. food intolerances or allergies. If photographs, video recordings or other recordings are made at the event, we will inform our participating guests separately, in particular if a publication of the recordings and recordings is planned, and obtain any necessary consents.
The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR, unless otherwise stated.
Marketing
If we have your consent or are otherwise allowed, we will provide you with information on products and topics from BASF, including information related to events. For the purpose of providing you with this information, we process your contact data provided in the respective registration or request forms for the purpose of carrying out the respective marketing activity, e.g., sending the newsletter or the customer satisfaction survey. The exact information on the communication channel, the processing purposes and the processed personal data can be found in the respective request for consent and/or the associated data protection statement. If and to the extent that you provide us with feedback, we process your information in order to improve the quality of our products and services. In this case, we may contact you to discuss any follow-up questions that may arise from that feedback.
The legal basis for this data processing is your consent, Art. 6 Sec. 1 lit. a) GDPR or the respective legal basis as communicated otherwise and specifically to you.
Maintaining and protecting the security of our facilities, products and services
For the purpose of preventing and detecting security risks, fraudulent procedures, or other criminal or harmful acts; we process master and contact data in order to identify data subjects, e.g. in the context of service provider onboarding or in the context of granting access to customer portals. Data processing also includes compliance with and fulfilment of BASF’s duties of care and due diligence. In such cases, we process your contact details to inform you about important changes to product formulations or approvals.
If you visit us in person, we will issue day passes to grant you access to our premises and to control access for security reasons through processes such as issuing you with a visitor pass. For this purpose, we process specific information about you such as your name, your date of birth, the persons you visit, your identity card number, your telephone number and your visit duration in days. If necessary, you must answer test questions about the safe behavior on the factory premises in a safety test; in which case the test results shall be saved. For drivers, BASF also processes the license plate of the vehicle used. If you as a driver transport dangerous goods, the dangerous goods are checked and the control is documented.
The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR.
Compliance with legal requirements
If and to the extent required by law, we process your personal data in order to fulfil legal requirements. These can be, for example, tax and commercial retention obligations or regulations for the prevention of white-collar crime such as money laundering laws.
If you are a shareholder of BASF, we will also process your personal data required for your entry in BASF’s shareholder register for corporate and stock corporation law reasons (e.g. on the basis of § 67 German Share Law – Aktiengesetz). We receive your personal data from the bank involved in the share purchase.
If and to the extent necessary, we also work with representatives of the authorities to coordinate legally relevant issues with them. In this context, we process contact data and data relating to the respective cooperation for the purpose of legal coordination.
The legal basis for this data processing is Art. 6 Sec. 1 lit.c) and f) GDPR.
Data processing in the context of legal matters
In the context of legal disputes, we may process personal data within the framework of these disputes. We therefore also process personal data if and to the extent it is required to settle legal disputes; enforce existing contracts; and to assert, exercise and defend legal claims.
Digital conference systems and digital events
As an international group, BASF relies on flexible and user-friendly forms of communication and at the same time has an interest in communicating efficiently and as needed internally and with external parties.
For these reasons, BASF uses digital conference systems for the implementation of digital events, in particular:
When using digital conference systems, we process the following categories of personal data for technical reasons when you use one of our digital conference systems:
Depending on the type and format of the digital event, we process the following categories of personal data, provided that you voluntarily provide it to us:
We carry out the respective data processing on the basis of a legitimate interest in accordance with Art. 6 Sec. 1 f) GDPR. Our legitimate interest arises from the above-mentioned purposes for data processing.
BASF generally uses the following digital conference systems:
Surveillance
As a chemical company that deals with hazardous and harmful substances, among other things, we are interested in ensuring the safety of our plants and our employees. For this reason, BASF carries out video surveillance at selected sites on its premises if and to the extent necessary to ensure safety aspects at BASF. The public space as well as the private space of individuals (e.g. private gardens) are not monitored. BASF provides information on site by means of signs and pictograms placed near the video surveillance system about the specific video surveillance carried out in each case.
Further information on data protection can be found at the respective video surveillance system.
Social Media Appearances and Activities
BASF is interested in presenting itself on as many channels as possible, being approachable for customers, service providers, other business partners, applicants and interested parties, and promoting topics and products via social networks.
We process personal data when you visit BASF on social media channels. With our various social media channels, we want to offer you a wide range of multimedia services and exchange ideas with you on topics that are important to you. In addition to the respective provider of a social network, we also collect and process personal user data on our social media channels. For the respective data processing purposes and data categories, we refer to the individual social media channels, which are explained in more detail below.
In principle, data processing serves the following purposes:
The processing of your personal data is necessary for the achievement of these purposes.
Social Listening
As part of our social media activities, we also use technologies of so-called social listening or social monitoring (hereinafter referred to as “social listening”) to get an idea of the perception of our products and services and to identify any potential for improvement. In doing so, we evaluate comments and contributions of the respective network on social networks according to a search request. We can only view those contributions that have been freely made available to an unlimited public by the users of the social network.
The data collected and the scope of data processing are generally determined by the type and content of the respective search request and the contributions. For example, a posting in text form or an uploaded image file may be affected.
In principle, we only receive statistical information as the results of our search requests. In individual cases, however, we may also be shown specific posts and comments as search results, which can also provide conclusions about personal data of individual users, for example because the specific posts or comments contain the user’s username, which can also be the real name of such user. Such contributions serve exclusively as an exemplary reproduction of the desired mood picture.
Our overriding legitimate interest in the use of social listening lies in recognizing any deficits in our products and services as well as the public mood about BASF as a company and topics relevant to BASF in public discourse in publicly accessible statements and to be able to react appropriately to them. The legal basis for the processing of personal data in the context of social listening is Art. 6 Sec. 1 lit. f) GDPR.
When carrying out social listening, we use in particular the services of the following providers:
Runtime Collective Ltd.
Sovereign House
Church Street, 1st Floor
Brighton
E Sussex
BN1 1UJ
United Kingdom
Cision Germany GmbH
Westhafenplatz 1
D-60327 Frankfurt am Main
Data Sharing
Within our company, only persons and entities receive access to your aforementioned personal data insofar as they need it to fulfil the above-mentioned purposes.
We also work with service providers. These service providers only act in accordance with our instructions and are contractually obliged to comply with the applicable data protection requirements.
Otherwise, we will only pass on your data to third parties if:
Your personal data will only be passed on to service providers in a third country if the special requirements of Art. 44 et seq. GDPR are met. If and to the extent that the service providers are located in a third country, it is possible that either the servers of the respective service provider are located in the third country or that the servers are located in the EU, but in support cases they are accessed from a third country. Some third countries do not have a level of data protection equivalent to that of the EU, as authorities may have simplified access to personal data or that there are limited rights against such measures. If and to the extent that you give your consent, you expressly agree to the transfer of personal data to the respective third country.
Data Deletion
Insofar as no express declaration of consent during the collection (e.g., in the context of a declaration of consent) storage period, the personal data of data subjects will be deleted insofar as they are no longer required to fulfil the purpose of storage, unless statutory retention obligations (e.g. commercial and tax retention obligations) preclude deletion.
Rights of data subjects
You have the rights described below under the General Data Protection Regulation,. The exercise of these rights is free of charge for you. However, you may need to prove your identity with two factors. We will use reasonable efforts in accordance with our legal obligations to enforce your rights.
To exercise your rights, please contact us by any method The contact details can be found in the section “Contact with the Data Protection Officer” and the Imprint or Disclaimer page.
Right of access: You can request information from the controller about the personal data stored about you (Art. 15 GDPR). If you have direct access to your data via portals/self-service, the right to information is deemed to have been fulfilled.
Right to rectification: If your personal data is incorrect, you have the right to request its correction (Art. 16 GDPR).
Right to revoke the declaration of consent: If the processing of your data is based on your consent, you have the right to revoke it at any time in accordance with Article 7 (3) GDPR. The revocation does not affect the lawfulness of the processing carried out until then. You can declare a revocation in writing, by e-mail and, if necessary, within the scope of the service offered.
Right to object in the case of processing to safeguard legitimate interests: If we process your data to safeguard legitimate interests, you can object to this processing in accordance with Article 21 GDPR for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to erasure: Under the conditions set out in Article 17 GDPR, you have the right to request the deletion of your personal data. This is e.g., the case if you revoke a given consent or the data is no longer required for the purposes for which it was collected.
Right to restriction of processing: Under the conditions of Article 18 GDPR, you have the right to request a restriction of the processing of data concerning you.
Right to data portability: If you have provided us with personal data yourself, you have the right, in accordance with Article 20 GDPR, to request a transfer from us directly to another controller or to another organisation. Alternatively, you have the right to request that we ourselves provide you with the data in a machine-readable format. However, this only applies if we process your personal data on the basis of your consent or on the basis of a contract or in the context of contract negotiations and the processing is carried out using automated procedures.
Right to lodge a complaint: You have the possibility to lodge a complaint with the data protection officer referred to in this data protection declaration (contact details see above) or with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
In any case, you can contact:
Hintere Bleiche 34
D-55116 Mainz