Information on Data Protection for Visitors
BASF takes data protection seriously. This information describes the principles that apply when BASF receives visitors on its Site.
Furthermore, we would like to inform you about:
- the existence of your rights regarding the processing of your personal data
- the Controller in the meaning of data protection laws and, where applicable, our Data Protection Officer
1. Data Processing
When you visit the site of BASF or a building operated by BASF, facilities for chemical production or other premises of BASF (“Site”), BASF processes the following personal data:
- BASF processes in particular your name, date of birth, the persons you visit, your passport number, your phone number and the number of days you visit us. As appropriate, you must answer questions in a test about safe behavior on the Site; the results of such test will be stored. BASF will issue an identity card that is to be worn visibly on the Site (e.g. one-day identity card, driver identity card, replacement identity card). In case of drivers, BASF processes the number plate of the used vehicle. When you transport dangerous goods, BASF will examine the dangerous goods and document such examination.
- When you enter our Site to fulfill a contract with BASF, BASF processes the company you work for and other required personal data to fulfill such contract.
2. Purpose and extent of processing
- The purpose of processing under Section 1a is the verification of your access authorization, the verification of your compliance with the extent of such access authorization and the protection and security of the Site and the people that work on the Site.
The personal data described under Section 1a will be stored to the extent necessary for the aforementioned purposes. Furthermore, BASF may store such data if and to the extent foreseen by applicable laws.
- BASF processes the personal data under Section 1b to the extent necessary to fulfill the respective contract. Furthermore, BASF may store such
data if and to the extent foreseen by applicable laws (record keeping).
3. Legal ground
Legal ground for the processing is point (f) of Article 6
(1) General Data Protection Regulation. The legitimate interests are determined by the purposes under Section 2. You are free to disclose such personal data. Without providing such data we can refuse the access to the Site.
4. Recipients
In some cases, we transmit the data mentioned in Section 1 to Data Processors based in the European Union for the purposes determined in Section 2. Such Data Processors process personal data only on instructions from us and the processing is carried out on behalf of us. We do not intend to transfer your personal data to a third country.
5. How do we protect your personal data?
BASF implemented technical and organizational measures to ensure an appropriate level of security to protect your personal data against accidental or unlawful alteration, destruction, loss or unauthorized disclosure. Such measures will be continuously enhanced in line with technological developments.
6. What rights do you have?
Right to access: the right to obtain access to your information (if we’re processing it), and certain other information (like that provided in this Privacy Policy);
Right to correct: if your personal is inaccurate or incomplete you have the right to have your personal information rectified;
Right to erasure: this is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. For example, we have the right to continue using your personal data if such use is necessary for compliance with our legal obligations or for the establishment, exercise or defense of legal claims.
Right to restrict our use of your information: the right to suspend the usage of your personal information or limit the way in which we can use it. Please note that this right is limited in certain situations and apply in the following cases: (a)
inaccuracy of data; (b) where our processing is unlawful and you don’t want your personal information erased; (c) we no longer need to use the data for the purposes for which we collected it, but you need such data for a legal claim. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for restriction of the use of their personal information to make sure the restriction is respected in future;
Right to data portability: the right to request that we move, copy or transfer (where technically feasible) your personal information in a structured, commonly used and machine-readable format, for your own purposes across different services;
Right to object: the right to object to our use of your personal data where such use is based on the legal ground of legitimate interests;
Right to be informed: you have the right to be provided with clear, transparent and easily understandable information about how we use your personal information; and
Right to withdraw consent: if you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful).
The exercise of these rights is free of charge for you, however you are required to prove your identity with 2 pieces of approved identification. We will use reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you on our files.
To make inquiries or exercise any of your rights set out in this Privacy Policy and/or make a complaint please contact us by emailing or write to us and we will endeavor to respond within 30 days. Name and contact details of the responsible data protection officer and controller are available at basf.com/data- protection-eu.
When we receive complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints that we cannot resolve directly.
If you are not satisfied with the way any complaint you make in relation to your personal information is
handled by us then you may refer your complaint to the relevant data protection supervisory authority.
7. Supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. Or you can contact:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz
https://www.datenschutz.rlp.de/de/general- storage/footer/ueber-den-lfdi/kontakt/
E-Mail: poststelle@datenschutz.rlp.de
8. Controller and Data Protection Officer
Controller in the meaning of data protection laws for the processing is the legal entity of BASF-Group that operates the respective Site (“BASF”).
Name and contact details of the responsible data protection officer and controller are available at basf.com/data-protection-eu.