Information on data protection

for

Third Party Identity Management (3IAM)

 

 

 

Data protection is something that BASF (herein after referred to as "we" or "us") takes very seriously. Naturally, this also includes ensuring a high level of transparency. To ensure this transparency, the following document provides information on how we process the personal data of 3IAM (herein after referred to as "Your Personal Data"). Of course, we process personal data only in strict compliance with the applicable laws on the protection of personal data.

 

 

 

Who is responsible for data processing and who is the Data Protection Representative?

 

Responsible for data processing is

BASF Digital Solutions GmbH

Pfalzgrafenstrasse 1

67061 Ludwigshafen am Rhein

Germany

 

Our Data Protection Representative is Ralf Herter can be contacted at:

 

ralf.herter@basf.com

 

 

Which data categories do we process and where do they come from?

 

We process the following categories of personal data:

 

-         First Name, Last Name

-         E-Mail Address

-         Mobile Phone Number (sometimes)

 

We collect Your Personal Data directly from you while carrying out the contractual relationship.

-         A BASF employee request an account for you to provide access to an application which you want to use

 

When you visit our website without contacting us or signing in, your browser transmits standard information automatically to our server:

-         IP address of your computer

-         Information about your browser

-         URL or file requested

-         Date and time of your visit

-         Volume of data transmitted

-         Status information, e.g. error messages

 

 

For what purposes and on what legal basis is Your Personal Data processed?

 

We process Your Personal Data in compliance with the provisions of the General EU Data Protection Regulation (GDPR), as well as other relevant laws.

 

Processing of Your Personal Data serves the following purposes:

 

-         Managing accounts to provide access to an BASF application

 

The processing of the above-mentioned data categories is necessary to achieve these purposes.

 

If not otherwise expressly stipulated, the legal basis for the processing is article 6 Para. 1 lit (b) and (f) EU General Data Protection Regulation.

 

If we intend to process Your personal data for any other purpose not mentioned above, we will inform You accordingly prior to such processing.

 

 

To whom is personal data transmitted?

 

Within our company, only persons and bodies who need Your Personal Data to fulfill the above-mentioned purposes will receive access to such data.

 

Within our group of companies, Your Personal Data is provided to specific companies within the group if they centrally perform key tasks for affiliates within the company group or perform cross-company functions on the basis of the organizational structure or if it necessary to fulfill the above-mentioned purposes.

 

We also work with service providers to fulfill the above-mentioned purposes. Those service providers process Your Personal Data in our name and solely according to our instructions. They are contractually obliged to adhere to the applicable data protection regulations.

-         Our own data center provider

-         Cloud provider like AWS

In some cases, we disclose personal data to service providers or group companies located outside of the European Economic Area ("third-party countries"), in which an adequate data protection level is not guaranteed by applicable laws. In such cases we take suitable measures to safeguard the protection of the personal data of Your Personal Data and to ensure an adequate level of data protection. Hence, we disclose Your Personal Data to recipients outside our group of companies located in a third-party country only if those recipients have concluded the EU Standard Contractual Clauses with us or if those recipients have implemented Binding Corporate Rules.

 

Further information as well as a copy of the measures taken can be obtained from the above specified contacts.

 

 

For how long do we retain Your Personal Data?

 

If not explicitly stipulated otherwise (e.g. in a specific consent form) we delete or block Your Personal Data as soon as they are no longer needed for the purposes cited above, unless deletion or blocking would violate our legal obligations to provide and preserve records (such as retention periods provided by commercial or tax laws).

 

 

Which data protection rights do You have?

 

You may request information regarding the personal data we store and process concerning You at the above address. In addition, under specific circumstances You may demand correction or deletion of Your Personal Data. You might also be entitled to a right to restrict the processing of Your Personal Data as well as a right to the disclosure of the data provided by them in a structured, customary and machine-readable format.

 

 

Right to object

 

If the processing is based on a consent, You have the right to object to the processing of Your Personal Data at any time. If we process Your Personal Data to safeguard our legitimate interests, You can object to the processing at any time for reasons resulting from Your specific situation. In case of an objection we will stop processing Your Personal Data unless we can provide compelling reasons that prevail over Your interests, rights and freedoms or prove that the processing serves the establishment, exercise, defense of legal claims or litigation.

 

 

Where can complaints be submitted?

 

Irrespective of any other legal remedy under administrative law or judicial remedy, You are entitled to file a complaint with the supervisory authority, particularly in the member state in which You are a resident or where the alleged violation took place, if You believe the processing of Your Personal Data is in violation of the EU General Data Protection Regulation.

 

The supervisory authority to which the complaint is submitted shall notify the appellant of the situation and the results of the complaint, including the option of a legal remedy in accordance with article 78 of the EU General Data Protection Regulation.

 

The lead supervisory authority is:

 

For BASF Group in Europe:

Der Landesbeauftragte fuer den Datenschutz und die Informationsfreiheit Rheinland-Pfalz

Hintere Bleiche 34

55116 Mainz

Germany